Re: Kernel Extension
Re: Kernel Extension
- Subject: Re: Kernel Extension
- From: Shawn Erickson <email@hidden>
- Date: Thu, 13 Nov 2003 22:35:54 -0800
On Nov 11, 2003, at 7:05 PM, Matt Jaffa wrote:
Do I really need to use Sockets and everything, All I want to do is
have it where
someone types in an internet address in any web browser on the
computer,
my app that is running behind the scenes will intercept any of those
requests, and then
if that address is in this database we have it will allow them to go
there.
At work we are just making this app to restrict others only to work
related sites, so I quickly just want to make this thing. I just need
to know how little snitch, intercepts the http(port 80) request and
then after allowing it, the web browser shows it.
On Nov 11, 2003, at 10:04 PM, Matt Jaffa wrote:
The Problem with a web proxy is all you have to change the web proxy
settings around and disable the blocks on the other ips and ports.
Yes the people who use these computers will have sudo access, but if
I design my app, then it will be able to have a non-sudo password
associated with it, that they will create when installing my app.
Just re-reading things... your application will have a non-sudo
password associated with it? I don't follow this.
Regardless your application, kext, etc. can be removed using sudo if
the user has "admin" privileges on the system. You cannot prevent that.
It would be trivial to bypass this.
Again the only real solution to this is to firewall the internal
network from the external world, blocking all ports (or at least the
ones you care about). Then only allow access to websites via a web
proxy that has a privileged way through the firewall. Using filtering
in web proxy as needed.
-Shawn
_______________________________________________
darwin-kernel mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/darwin-kernel
Do not post admin requests to the list. They will be ignored.