Re: Quarantining an account from the Internet, or from all networking?

2010-08-16 Thread Greg Rundlett (freephile)
On Mon, Aug 16, 2010 at 11:24 PM, Bill Sconce wrote:
>
> I'll give iptables a try. It's at just the right level of brute-forceness, and of Linuxness.
>
> I love this list.

disclaimer: I'm jumping into this thread late, and without reading the whole thing, so this comment may not be relate

Re: Quarantining an account from the Internet, or from all networking?

2010-08-16 Thread Bill Sconce
On Mon, 16 Aug 2010 16:56:32 -0400 Bill Sconce wrote:
> Does anyone know of a way to prevent a Linux account from accessing
> the Internet?

Wow. Excellent. It looks like iptables may be the ticket. (If my ${very_untrusted_user_UID} is prevented from sending packets out that does exactly the job

Re: Quarantining an account from the Internet, or from all networking?

2010-08-16 Thread Michael ODonnell
> smart enough to look at who owns the associated socket, it should
> work. Packets don't have owners, true, but a packet without a
> socket is rather like the sound of one hand clapping...

Yah, I had just been imagining the packet in the abstract, in flight, where such info isn't available. B

Re: Froyo on Droid?

2010-08-16 Thread Kenny Lussier
On Mon, Aug 16, 2010 at 6:03 PM, Shawn O'Shea wrote:
>
>> have no interest in upgrading just yet. Unless, of course, VzW scores
>> a Samsung Galaxy S model (like the Captivate that AT&T has).
>>
>
> They did. It's called the Verizon Fascinate. No release date yet, but the
> announcement that Samsu

Re: Quarantining an account from the Internet, or from all networking?

2010-08-16 Thread Benjamin Scott
On Mon, Aug 16, 2010 at 7:01 PM, Thomas Charron wrote:
> Internally, packets do have owners. Specifically, the application.

Well, as MOD points out, packets being *received* don't have obvious owners. Or applications. They couldn't, until fairly late in the network decision flow chart -- af

Re: Quarantining an account from the Internet, or from all networking?

2010-08-16 Thread Thomas Charron
On Mon, Aug 16, 2010 at 6:47 PM, Benjamin Scott wrote:
> On Mon, Aug 16, 2010 at 6:30 PM, Michael ODonnell
> wrote:
>> There's no notion of UID associated with
>> an IP packet so once it's in transit it's not straightforward
>> to know who "owns" it ...
>
> I've never looked into this, so I don'

Re: Quarantining an account from the Internet, or from all networking?

2010-08-16 Thread Benjamin Scott
On Mon, Aug 16, 2010 at 6:30 PM, Michael ODonnell wrote:
> There's no notion of UID associated with
> an IP packet so once it's in transit it's not straightforward
> to know who "owns" it ...

I've never looked into this, so I don't know if/how it works, but if NetFilter is smart enough to look

Re: Quarantining an account from the Internet, or from all networking?

2010-08-16 Thread Michael ODonnell
Interesting question. There's no notion of UID associated with an IP packet so once it's in transit it's not straightforward to know who "owns" it, unless maybe the network code happens to be executing (synchronously) on behalf of the restricted user (outbound only?) or maybe if the packet can

Re: Froyo on Droid?

2010-08-16 Thread Shawn O'Shea
> have no interest in upgrading just yet. Unless, of course, VzW scores
> a Samsung Galaxy S model (like the Captivate that AT&T has).
>

They did. It's called the Verizon Fascinate. No release date yet, but the announcement that Samsung did a month or so ago confirmed that VzW will carry the Gala

Re: Froyo on Droid?

2010-08-16 Thread Kenny Lussier
On Mon, Aug 16, 2010 at 1:12 PM, Mark Komarinski wrote:
> On 08/16/2010 12:18 PM, Kenny Lussier wrote:
>>
>> (VzW is offering early upgrades to D1
>> users to get them to either the Dx or the D2).
>
> The only reference to early upgrades I see is if your contract is up by
> 12/31/10. Given that m

Re: Quarantining an account from the Internet, or from all networking?

2010-08-16 Thread Ryan Stanyan
On Aug 16, 2010, at 4:56 PM, Bill Sconce wrote:
> Does anyone know of a way to prevent a Linux account from accessing
> the Internet?
>
> E.g., setting a [per-user] gateway to nil, or setting permissions
> on some node along the path to eth0?
>
> It's acceptable to be crude, to prevent such an ac

Re: Quarantining an account from the Internet, or from all networking?

2010-08-16 Thread Thomas Charron
Examples: http://www.cyberciti.biz/tips/block-outgoing-network-access-for-a-single-user-from-my-server-using-iptables.html

On Mon, Aug 16, 2010 at 5:12 PM, Thomas Charron wrote:
> iptables can do it.
>
> One of the options is --uid-owner or even --gid-owner
>
> Thomas

--
Thomas

Re: Quarantining an account from the Internet, or from all networking?

2010-08-16 Thread Thomas Charron
iptables can do it.

One of the options is --uid-owner or even --gid-owner

Thomas

On Mon, Aug 16, 2010 at 4:56 PM, Bill Sconce wrote:
> Does anyone know of a way to prevent a Linux account from accessing
> the Internet?
>
> E.g., setting a [per-user] gateway to nil, or setting permissions

Re: Quarantining an account from the Internet, or from all networking?

2010-08-16 Thread Chip Marshall
On 16-Aug-2010, Bill Sconce sent:
> Does anyone know of a way to prevent a Linux account from accessing
> the Internet?
>
> E.g., setting a [per-user] gateway to nil, or setting permissions
> on some node along the path to eth0?

It appears that iptables has an 'owner' module that could be used t

Quarantining an account from the Internet, or from all networking?

2010-08-16 Thread Bill Sconce
Does anyone know of a way to prevent a Linux account from accessing the Internet?

E.g., setting a [per-user] gateway to nil, or setting permissions on some node along the path to eth0?

It's acceptable to be crude, to prevent such an account from using any network services whatsoever. I can see h

Re: Froyo on Droid?

2010-08-16 Thread Mark Komarinski
On 08/16/2010 12:18 PM, Kenny Lussier wrote:
> (VzW is offering early upgrades to D1
> users to get them to either the Dx or the D2).

The only reference to early upgrades I see is if your contract is up by 12/31/10. Given that most people get a new phone every two years, there's no way that any

Re: Froyo on Droid?

2010-08-16 Thread Kenny Lussier
On Mon, Aug 16, 2010 at 12:16 PM, Tyson Sawyer wrote:
> On Mon, Aug 16, 2010 at 11:59 AM, Mark Komarinski
> wrote:
>> I just got Froyo for my Droid on Saturday. I'm not sure what I'm
>> missing, so I guess ignorance is bliss. I know that tethering requires
>> an extra charge,
>
> That is my pr

Re: Froyo on Droid?

2010-08-16 Thread Kenny Lussier
On Mon, Aug 16, 2010 at 11:59 AM, Mark Komarinski wrote:
> On 08/16/2010 09:58 AM, Tyson Sawyer wrote:
>> I've read that Android 2.2 is making its way to the original Motorola
>> Droid from Verizon. I've also read that it doesn't support a few key
>> features that I was looking for and are report

Re: Froyo on Droid?

2010-08-16 Thread Tyson Sawyer
On Mon, Aug 16, 2010 at 11:59 AM, Mark Komarinski wrote:
> I just got Froyo for my Droid on Saturday. I'm not sure what I'm
> missing, so I guess ignorance is bliss. I know that tethering requires
> an extra charge,

That is my primary complaint. I don't use much data and feel that I already pa

Re: Froyo on Droid?

2010-08-16 Thread Mark Komarinski
On 08/16/2010 09:58 AM, Tyson Sawyer wrote:
> I've read that Android 2.2 is making its way to the original Motorola
> Droid from Verizon. I've also read that it doesn't support a few key
> features that I was looking for and are reported to be present in the
> "after market" builds.
>
> I've done

Froyo on Droid?

2010-08-16 Thread Tyson Sawyer
I've read that Android 2.2 is making its way to the original Motorola Droid from Verizon. I've also read that it doesn't support a few key features that I was looking for and are reported to be present in the "after market" builds.

I've done a bunch of searching of the 'net and can't find any cle