Date:      Tue, 11 Jul 2006 16:27:29 +0200 (CEST)
From:      Oliver Fromme <olli@lurza.secnetix.de>
To:        freebsd-hackers@FreeBSD.ORG, artifact.one@googlemail.com
Subject:   Re: Stop further socket() or connect() calls.
Message-ID:  <200607111427.k6BERTNc079208@lurza.secnetix.de>
In-Reply-To: <8e96a0b90607031009v4ec2630fgfc432f5dad15abda@mail.gmail.com>

mal content <artifact.one@googlemail.com> wrote:
 > I was looking for a way to write a small wrapper program
 > that disables network access and then exec()'s a given
 > program.

Sorry for the late reply, but ...  The easiest way to do
what you described is to run the program in a jail which
has a jail IP that doesn't exist and isn't routed.  Then
the program cannot perform any network access.

For example:  jail / foo 127.0.0.2 /your/program

All attempts to access the network should result in an
error "no route to host" (errno EHOSTUNREACH).

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

C++: "an octopus made by nailing extra legs onto a dog"
        -- Steve Taylor, 1998
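
Added example (not part of the original message): a small C probe to run as the jailed command, in place of /your/program, to confirm that outbound TCP connect() fails and to see which errno comes back. The name probe_connect, the 3-second timeout and the default target 192.0.2.1 (a documentation address) are assumptions of this example; for a meaningful comparison pass an address and port that do answer outside the jail.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Added example (not from the original message). Returns 0 if connect()
 * succeeded, else the errno that stopped it (ETIMEDOUT after timeout_ms). */
int probe_connect(const char *ip, int port, int timeout_ms)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons((unsigned short)port);
    if (port < 1 || port > 65535 || inet_pton(AF_INET, ip, &sa.sin_addr) != 1)
        return EINVAL;                      /* bad address or port */
    int fd = socket(AF_INET, SOCK_STREAM, 0), err = 0;
    if (fd < 0)
        return errno;                       /* socket() itself was refused */
    fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK);
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa) != 0) {
        err = errno;
        if (err == EINPROGRESS) {           /* wait for the handshake result */
            struct pollfd p = { .fd = fd, .events = POLLOUT };
            socklen_t len = sizeof err;
            int n = poll(&p, 1, timeout_ms);
            if (n <= 0)
                err = (n == 0) ? ETIMEDOUT : errno;
            else if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) != 0)
                err = errno;
        }
    }
    close(fd);
    return err;
}

/* Exit status 0 = connect failed, 1 = network reachable. */
int main(int argc, char **argv)
{
    const char *ip = argc > 1 ? argv[1] : "192.0.2.1";  /* placeholder target */
    int port = argc > 2 ? atoi(argv[2]) : 80;
    int err = probe_connect(ip, port, 3000);
    printf("connect %s:%d -> %s\n", ip, port, err ? strerror(err) : "connected");
    return err == 0;
}
```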


