nominate for removal: ethereal
Florin Andrei
florin at andrei.myip.org
Wed Jul 14 22:13:00 UTC 2004
On Thu, 2004-07-08 at 08:14, Pekka Pietikainen wrote:
> Having a (strict) SELinux policy for it might be a good thing btw. :-)
Actually, that's something that security-minded people have long been
dreaming of: capture all traffic on the network interface(s), perhaps
even in promisc mode, but somehow at the same time not running the
sniffer itself as root, but as a user with much lower privileges.
I guess a clever SELinux policy would achieve the same thing. Now that
SELinux is in Fedora, i guess we could as well put it to good work. ;-)
Running Ethereal, tcpdump and Snort in a SELinux "cage" would be
wonderful. I'm looking forward to it.
--
Florin Andrei
http://florin.myip.org/
More information about the fedora-devel-list
mailing list