Date:      Sun, 25 Nov 2001 14:54:03 -0500
From:      The Anarcat <anarcat@anarcat.dyndns.org>
To:        Ian Smith <smithi@nimnet.asn.au>
Cc:        Brett Glass <brett@lariat.org>, Kris Kennaway <kris@obsecurity.org>, freebsd-security@FreeBSD.ORG
Subject:   Re: Security zone
Message-ID:  <3C014C5B.9765067F@anarcat.dyndns.org>
References:  <Pine.BSF.3.96.1011125230455.14871C-100000@gaia.nimnet.asn.au>



Ian Smith wrote:
> 
> On Sat, 24 Nov 2001, Brett Glass wrote:
> 
>  > At 04:11 PM 11/24/2001, Kris Kennaway wrote:
>  >
>  > >It's basically a lie; you can do all this and more under FreeBSD.
>  >
>  > FreeBSD doesn't have per-application control of ports and sockets,
>  > which is what ZoneAlarm *tries* to provide. It'd be nice to add this
>  > as a built-in feature, either in the base OS or in ipfw.
> 
> Yeah, Windows security 'features' for FreeBSD, just what we lack! :)
> 
> Can't you do 'per-app' stuff in ipfw with users and/or groups?  Frankly
> I'm more contented relying on having port access control in rc.firewall.

You can't do "per-app" stuff. You can control on the local user or group
id, but that is about it.

Anyways, I can't figure out how one can pretend to have that level of
control over the stack (per-app) and why one would want to have it
anyways.

"apps" are installed/deinstalled, modified, upgraded, etc. It would be
impossible and simply useless to have that kind of control.

a.
