Jason Opperisano wrote:
On Wed, Jun 01, 2005 at 10:12:36AM +0800, Feizhou wrote:
I disagree. We do not have to provide a Zone Alarm clone. Its
functionality of checking what processes can use the network though
would be useful in providing mandatory controls on what processes get to
talk to the outside world.
Right now there is simply no such ability. Having this on say a server
will prevent users from looking around the network if they have shell
access or sending info/data out. Obviously only root should be able to
see the list of process names allowed and the other conditions like uid
and ports allowed to use by the process.
http://www.nsa.gov/selinux/
the mere act of saying something on a public mailing list doesn't make
it true.
:)
I stand corrected.
