* will --cmd-owner ever return?
From: vwf @ 2007-03-27 18:45 UTC
To: netfilter
Hello,
Since kernel 2.6.15, command owner matching is gone (-m owner
--cmd-owner). I consider this match vital for securing a workstation.
Programs are calling home (including well known very free source ones),
emails contain all kinds of tricks to report back (some of them I cannot
delete unseen), some programs are simply too insecure to be allowed to
connect to some server (e.g. media players), and often I simply want my
workstation to be absolutely quiet (except when I specifically ask for
something).
How can I lock my workstation down on application level?
Please tell me Netfilter can do this. Or can't it?
* Re: will --cmd-owner ever return?
From: Tom Eastep @ 2007-03-27 18:51 UTC
To: vwf; +Cc: netfilter
vwf wrote:
> How can I lock my workstation down on application level?
tuxguardian.sf.net
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
* Re: will --cmd-owner ever return?
From: tom @ 2007-03-27 19:25 UTC
To: Tom Eastep; +Cc: netfilter, vwf
If a connection is established, then you can find the owner by comparing
the inode in /proc/net/tcp with the /proc/<PID> tree [all the numbered
folders]. In each of these there is a folder named fd which provides
symbolic links to the open file descriptors which that PID is using. A
quick ls -l will give you the information you need to resolve it to a
socket inode, you'll usually see socket:[32424] or something similar.
You then know which PID owns the connection. I have some python code
which resolves this all to program names if you want it?
Tom Eastep wrote:
> vwf wrote:
>
>
>> How can I lock my workstation down on application level?
>>
>
> tuxguardian.sf.net
>
> -Tom
>
* Re: will --cmd-owner ever return?
From: Jan Engelhardt @ 2007-03-28 2:07 UTC
To: tom; +Cc: netfilter, Tom Eastep, vwf
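The lookup tom describes (socket inode from /proc/net/tcp, matched against the socket:[inode] targets under /proc/<PID>/fd) as an added, self-contained example. This is not tom's Python script, which is not on the page; the sample /proc/net/tcp rows, fd link targets and comm names are constructed so the module runs offline, and the read_live_proc helper does the same walk against a real Linux /proc. Because the two /proc reads are not one atomic snapshot, a connection can close (and its inode be reused) between them, so the code reports such rows as unresolved instead of guessing an owner.

```python
"""Map established TCP connections to owning PID/comm via socket inodes.

Added example, not tom's own code. Sample data below is constructed;
read_live_proc() performs the same walk on a real Linux /proc.
"""
import os
import re

SOCKET_LINK = re.compile(r"^socket:\[(\d+)\]$")
TCP_STATES = {0x01: "ESTABLISHED", 0x0A: "LISTEN"}  # the states we care about

# Constructed /proc/net/tcp snapshot, same column layout as the kernel's.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:A3F2 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 32424 1 0000000000000000 20 4 30 10 -1
   2: 0100007F:A3F3 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 32500 1 0000000000000000 20 4 30 10 -1
"""

# Constructed readlink() targets of /proc/<pid>/fd/* and /proc/<pid>/comm.
# Inode 32500 has no owner: that is what a socket closed between the two
# /proc reads (the non-atomic window) looks like.
SAMPLE_FD_TARGETS = {
    1234: ["/dev/null", "/dev/null", "pipe:[555]", "socket:[32424]"],
    1300: ["/dev/pts/0", "socket:[12345]"],
    1400: ["/usr/lib/locale/locale-archive"],
}
SAMPLE_COMM = {1234: "mediaplayer", 1300: "sshd", 1400: "bash"}


def decode_addr(field):
    """'0100007F:0016' -> ('127.0.0.1', 22). /proc prints the IPv4 word in
    host order, so on little-endian hosts the bytes appear reversed."""
    ip_hex, port_hex = field.split(":")
    ip = ".".join(str(b) for b in int(ip_hex, 16).to_bytes(4, "little"))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Parse the /proc/net/tcp table into connection dicts."""
    conns = []
    for line in text.splitlines()[1:]:  # first row is the column header
        f = line.split()
        if len(f) < 10:
            continue
        conns.append({"local": decode_addr(f[1]), "remote": decode_addr(f[2]),
                      "state": TCP_STATES.get(int(f[3], 16), f[3]),
                      "uid": int(f[7]), "inode": int(f[9])})
    return conns


def index_socket_inodes(fd_targets):
    """{pid: [fd link targets]} -> {socket inode: pid}."""
    index = {}
    for pid, targets in fd_targets.items():
        for target in targets:
            m = SOCKET_LINK.match(target)
            if m:
                index[int(m.group(1))] = pid
    return index


def resolve(conns, inode_to_pid, comm, established_only=True):
    """Attach pid/comm to each connection. pid None means no fd table held
    the inode when it was walked: treat as unresolved, never as 'unowned'."""
    out = []
    for c in conns:
        if established_only and c["state"] != "ESTABLISHED":
            continue
        pid = inode_to_pid.get(c["inode"])
        out.append({**c, "pid": pid, "comm": comm.get(pid) if pid else None})
    return out


def read_live_proc():
    """Walk the real /proc (Linux; other users' fds need root) and return
    (tcp_text, fd_targets, comm). Processes that vanish mid-walk are skipped."""
    fd_targets, comm = {}, {}
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        pid, fd_dir = int(name), f"/proc/{name}/fd"
        try:
            fd_targets[pid] = [os.readlink(os.path.join(fd_dir, fd))
                               for fd in os.listdir(fd_dir)]
            with open(f"/proc/{name}/comm") as fh:
                comm[pid] = fh.read().strip()
        except OSError:  # exited or permission denied
            fd_targets.pop(pid, None)
    with open("/proc/net/tcp") as fh:
        return fh.read(), fd_targets, comm


if __name__ == "__main__":
    # Swap in read_live_proc() to audit this host instead of the sample.
    tcp_text, fd_targets, comm = SAMPLE_TCP, SAMPLE_FD_TARGETS, SAMPLE_COMM
    for r in resolve(parse_proc_net_tcp(tcp_text), index_socket_inodes(fd_targets), comm):
        print(f"{r['local'][0]}:{r['local'][1]} -> {r['remote'][0]}:{r['remote'][1]} "
              f"uid={r['uid']} pid={r['pid']} comm={r['comm'] or 'unresolved'}")
```

Run as a script it prints one line per established connection from the sample; the row for inode 32500 comes out as pid=None comm=unresolved, which is the honest answer for anything that raced the walk. For a live audit, call read_live_proc() (as root, or only your own processes will resolve) and feed its three results into the same functions; reading /proc/net/tcp after building the fd index narrows the window but does not remove it.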
On Mar 27 2007 20:25, tom wrote:
>
> If a connection is established, then you can find the owner by comparing the
> inode in /proc/net/tcp with the /proc/<PID> tree [all the numbered folders].
That's not really atomic.
Jan
--