View Single Post
  #6   (View Single Post)  
Old 27th January 2009
Oko's Avatar
Oko Oko is offline
Rc.conf Instructor
 
Join Date: May 2008
Location: Kosovo, Serbia
Posts: 1,102
Default

Quote:
Originally Posted by DraconianTimes View Post
OK, thanks for the replies. Looks like I'm going to have to wait patiently for FGAP...
I read the link you posted.
Quote:
* only allow binding to port 80/tcp

* only allow read access to file foo

* only allow write access under $HOME/.mozilla
That is lame. Can't you do last to things just withe permissions? Even with
the root access the last two goals can be easily accomplished in BSD world with flags and
kernel security levels. First one looks to me could be easily done with PF.

Systrace is far more serious tool as originally designed.

Last edited by Oko; 27th January 2009 at 12:15 AM.
Reply With Quote