On Wed, Jun 01, 2005 at 10:12:36AM +0800, Feizhou wrote: > I disagree. We do not have to provide a Zone Alarm clone. Its > functionality of checking what processes can use the network though > would be useful in providing mandatory controls on what processes get to > talk to the outside world. > > Right now there is simply no such ability. Having this on say a server > will prevent users from looking around the network if they have shell > access or sending info/data out. Obviously only root should be able to > see the list of process names allowed and the other conditions like uid > and ports allowed to use by the process. http://www.nsa.gov/selinux/ the mere act of saying something on a public mailing list doesn't make it true. -j -- "Lois: What's going on? Stewie: We're playing house. Lois: The boy is all tied up. Stewie: Roman Polanski's house." --Family Guy
