[30645] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Email marketing company gives out questionable security advice

daemon@ATHENA.MIT.EDU (Richard Rager)
Tue Jul 8 17:37:33 2003

Date: Mon, 7 Jul 2003 13:32:27 -0600 (MDT)
From: Richard Rager <kb8rln@penguinmaster.com>
To: "D. J. Bernstein" <djb@cr.yp.to>
In-Reply-To: <20030704231720.72869.qmail@cr.yp.to>
Message-ID: <Pine.LNX.4.44.0307071324570.32310-100000@penguin>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On 4 Jul 2003, D. J. Bernstein wrote:

> Richard M. Smith writes:
> 
> P.S. It's hard for a portable chroot tool to cut off a program's network
> access. Kernel designers should provide a disablenetwork() syscall, with
> the disabling inherited by children. Other kernel changes would be nice,
> but disablenetwork() is the only critical change.
> 
  Look at selinux.  You can drop any privleges under selinux or Bull Dog 
or you can uses Linux Socket Filtering is user space with kernel 2.4.18+
-- 

Enjoy,

Richard Rager


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[30645] in bugtraq

Re: Email marketing company gives out questionable security advice

daemon@ATHENA.MIT.EDU (Richard Rager)Tue Jul 8 17:37:33 2003

daemon@ATHENA.MIT.EDU (Richard Rager)
Tue Jul 8 17:37:33 2003