Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: app-based port blocking

On Wednesday, May 15, 2002, at 03:06 PM, Eugene Lee wrote:

Is there a way to firewall a particular app or a process from connecting
to the Internet (aka mandatory access controls for sockets)?

No. You might be able to cobble together an NKE to prohibit access based on UID, which is kept in the socket structure, but otherwise, there's no good way (other than "too much knowledge") to determine what application is making the access.

For one thing, process A can set up a socket, and then pass the descriptor for the socket to another process. It would be difficult, and somewhat of a time-drain, to check for 'permission' on every socket access. This also limits the usefulness of the UID hack above.

Regards,

Justin

--
Justin C. Walker, Curmudgeon-At-Large *
Institute for General Semantics | It's not whether you win or lose...
| It's whether *I* win or lose.
*--------------------------------------*-------------------------------*
_______________________________________________
darwinos-users mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/darwinos-users
Do not post admin requests to the list. They will be ignored.
References: 
 >app-based port blocking (From: Eugene Lee <email@hidden>)



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.