[30652] in bugtraq
Re: Email marketing company gives out questionable security advice
daemon@ATHENA.MIT.EDU (Roland Dowdeswell)
Tue Jul 8 18:56:09 2003
To: "D. J. Bernstein" <djb@cr.yp.to>
In-reply-to: Your message of "04 Jul 2003 23:17:20 -0000."
<20030704231720.72869.qmail@cr.yp.to>
Date: Mon, 07 Jul 2003 14:52:41 -0400
From: Roland Dowdeswell <elric@imrryr.org>
Message-Id: <20030707185242.18C3A174D2@arioch.imrryr.org>
On 1057360640 seconds since the Beginning of the UNIX epoch
"D. J. Bernstein" wrote:
>
>P.S. It's hard for a portable chroot tool to cut off a program's network
>access. Kernel designers should provide a disablenetwork() syscall, with
>the disabling inherited by children. Other kernel changes would be nice,
>but disablenetwork() is the only critical change.
There are tools such as systrace:
http://www.citi.umich.edu/u/provos/systrace/
which comes standard in NetBSD and OpenBSD and has been ported to
various other UNIX platforms which can do what you want.
--
Roland Dowdeswell http://www.Imrryr.ORG/~elric/
