
Re: bittorrent in core? what frontend?

On Sat, 2005-12-17 at 07:53, Michael A. Peters wrote:
> On Sat, 2005-12-17 at 07:41 -0500, Sean wrote:

> > You don't want a static
> > firewall rule for a process that is only running occasionally. No, what
> > you want is an appropriate firewall rule set only for the time that BT is
> > actually running. Anything else is a security risk in itself.
Actually, shouldn't the strict SELinux policy cover this type of thing
much better? Not only just while BT is running, but only BT the app can
listen on that port range?

> Oh I see what you are saying.
> When trusted application foo is being run by user in trusted group bar
> (or open for any user) - the firewall will open ports xxxx to yyyy
> should foo request they be opened - for the duration that foo is
> running.
Yes, and that request should just be the bind(sockfd, my_addr, addrlen);
The kernel should be able to decide to grant that request based on the
information it has being a "trusted" app (SELinux context label), run by
trusted user (uid, gid, SELinux domain).
> That would be slick.
It would be slicker if only the BT app could use those ports and you
didn't have to dynamically punch holes in the firewall.

GPG Key fingerprint = EF6F 1486 EC27 B5E7 E6E1  3C01 910F 6BB5 4A7D 9677
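
The port restriction discussed in this message, sketched as an SELinux policy module. This is an added example, not part of the original message or of any distribution's policy; the type names bt_t and bt_port_t and the port range 6881-6889 are assumptions chosen for illustration.

```selinux
# bt_ports.te -- illustrative module (added example, hypothetical names).
# Assumption: the BitTorrent client already runs in its own domain, bt_t,
# defined by a separate policy module. bt_port_t is a new port type
# introduced here.
module bt_ports 1.0;

require {
    type bt_t;                    # hypothetical client domain
    attribute port_type;          # attribute carried by port types
    class tcp_socket name_bind;
    class udp_socket name_bind;
}

# A dedicated label for the client's listening ports.
type bt_port_t, port_type;

# The only rule granting bind() on ports labeled bt_port_t. The kernel
# checks name_bind inside bind(); a confined domain with no such rule
# gets EACCES, whether or not the client is running at that moment.
allow bt_t bt_port_t:tcp_socket name_bind;
allow bt_t bt_port_t:udp_socket name_bind;

# name_bind covers the port check only. Socket creation and node_bind
# permissions are assumed to come from the client's base policy.

# Build and load:
#   checkmodule -M -m -o bt_ports.mod bt_ports.te
#   semodule_package -o bt_ports.pp -m bt_ports.mod
#   semodule -i bt_ports.pp
#
# Label the port range (constructed sample range):
#   semanage port -a -t bt_port_t -p tcp 6881-6889
#   semanage port -a -t bt_port_t -p udp 6881-6889
```

Under the targeted policy, unconfined domains are not subject to this restriction, so the exclusivity only holds where every process runs confined, as under the strict policy the message refers to.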

