From: Arnaldo Carvalho de Melo <acme@conectiva.com.br>
To: Pekka Savola <pekkas@netcore.fi>
Cc: Jeff Garzik <jgarzik@pobox.com>, netdev@oss.sgi.com
Subject: Re: disablenetwork() syscall?
Date: Mon, 7 Jul 2003 19:33:35 -0300 [thread overview]
Message-ID: <20030707223334.GG5292@conectiva.com.br> (raw)
In-Reply-To: <Pine.LNX.4.44.0307072250000.11843-100000@netcore.fi>
Em Mon, Jul 07, 2003 at 10:52:15PM +0300, Pekka Savola escreveu:
> On Mon, 7 Jul 2003, Jeff Garzik wrote:
> > On Mon, Jul 07, 2003 at 10:40:02PM +0300, Pekka Savola wrote:
> > > In a bugtraq thread, DJ Bernstein brought up an idea which I'm not sure
> > > has been brought up in the past. I'm not sure whether it's feasible or
> > > not, but at least it (and other methods to limit the functions of a
> > > user-level code) might bear consideration.
> >
> > What about some URLs to what you are describing?
> >
> > The most information you provided was in $subject, whose content
> > makes me a bit leery...
>
> Well, apart from the post scriptum, there was very little content about
> the feature/idea :-), and the details would seem to be up for everyone's
> imagination.
>
> FWIW, the body of the message is below:
Incomplete, here is the part that he mention the disablenetwork syscall:
------------------------------------- 8< ------------------------------
P.S. It's hard for a portable chroot tool to cut off a program's network
access. Kernel designers should provide a disablenetwork() syscall, with
the disabling inherited by children. Other kernel changes would be nice,
but disablenetwork() is the only critical change.
------------------------------------- 8< ------------------------------
next prev parent reply other threads:[~2003-07-07 22:33 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-07-07 19:40 disablenetwork() syscall? Pekka Savola
2003-07-07 19:46 ` Jeff Garzik
2003-07-07 19:52 ` Pekka Savola
2003-07-07 22:33 ` Arnaldo Carvalho de Melo [this message]
2003-07-07 21:03 ` Mitchell Blank Jr
2003-07-07 23:59 ` James Morris
2003-07-13 7:04 ` Pekka Savola
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030707223334.GG5292@conectiva.com.br \
--to=acme@conectiva.com.br \
--cc=jgarzik@pobox.com \
--cc=netdev@oss.sgi.com \
--cc=pekkas@netcore.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.