From: Peter Jeremy
To: mal content
Cc: freebsd-hackers@freebsd.org
Date: Tue, 4 Jul 2006 05:04:48 +1000
Subject: Re: Stop further socket() or connect() calls.

On Mon, 2006-Jul-03 18:09:27 +0100, mal content wrote:
>Was it my imagination or did I see a function in libc that
>allowed a process to prevent further network access?

The closest is shutdown(2) which can stop further access in one
direction on an existing socket - not what you want.

>I was looking for a way to write a small wrapper program
>that disables network access and then exec()'s a given
>program.

For dynamic executables, you could LD_PRELOAD a .so that replaces all
the socket-related syscalls.

-- 
Peter Jeremy
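
The LD_PRELOAD approach suggested in the reply, as an added example that is not part of the original message: a shared object whose socket(), connect() and sendto() always fail with EACCES. It only affects dynamically linked programs that call through libc; static binaries, direct syscalls and set-user-ID programs (for which the runtime linker ignores LD_PRELOAD) bypass it. The file name nonet.c, the EACCES error code and the NONET_VERBOSE variable are assumptions made for this example.

```c
/* nonet.c: added example, not code from the original post.
 * Build: cc -shared -fPIC -o libnonet.so nonet.c
 * Use:   LD_PRELOAD=$PWD/libnonet.so ./wrapped-program   (dynamic binaries only)
 * NONET_VERBOSE is a hypothetical variable invented for this example. */
#include <sys/types.h>
#include <sys/socket.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Fail the call as a policy denial (EACCES is this example's choice);
 * optionally report the attempt on stderr for auditing. */
static int deny(const char *name)
{
    if (getenv("NONET_VERBOSE") != NULL) {
        char msg[64];
        int n = snprintf(msg, sizeof msg, "nonet: denied %s()\n", name);
        if (n > 0 && (size_t)n < sizeof msg) {
            ssize_t r = write(STDERR_FILENO, msg, (size_t)n);
            (void)r;
        }
    }
    errno = EACCES;
    return -1;
}

/* No new sockets of any address family. */
int socket(int domain, int type, int protocol)
{
    (void)domain; (void)type; (void)protocol;
    return deny("socket");
}

/* Sockets inherited across exec() still exist, so refuse to use them as well. */
int connect(int fd, const struct sockaddr *addr, socklen_t len)
{
    (void)fd; (void)addr; (void)len;
    return deny("connect");
}

/* Covers datagram sends on an inherited, unconnected socket. */
ssize_t sendto(int fd, const void *buf, size_t n, int flags,
               const struct sockaddr *to, socklen_t tolen)
{
    (void)fd; (void)buf; (void)n; (void)flags; (void)to; (void)tolen;
    return deny("sendto");
}
```

A fuller shim would give bind(), listen(), accept() and sendmsg() the same treatment.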