|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Email marketing company gives out questionable security advice
From: Richard Rager (kb8rln
penguinmaster.com)
Date: Mon Jul 07 2003 - 14:32:27 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 4 Jul 2003, D. J. Bernstein wrote:
> Richard M. Smith writes:
>
> P.S. It's hard for a portable chroot tool to cut off a program's network
> access. Kernel designers should provide a disablenetwork() syscall, with
> the disabling inherited by children. Other kernel changes would be nice,
> but disablenetwork() is the only critical change.
>
Look at selinux. You can drop any privleges under selinux or Bull Dog
or you can uses Linux Socket Filtering is user space with kernel 2.4.18+
--
Enjoy,
Richard Rager
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]