Re: Want to block HTTP(web) access but not filesharing
Re: Want to block HTTP(web) access but not filesharing
- Subject: Re: Want to block HTTP(web) access but not filesharing
- From: Hamish Allan <email@hidden>
- Date: Wed, 27 May 2009 15:39:52 +0100
Hi Rahul,
I had so far imagined that your software was for the benefit of some
sort of central authority (i.e. the server admin), who might wish to
prevent people on his client machines from making certain sorts of
connections (i.e. TCP port 80). However it seems from your description
that the user is complicit in the restriction (i.e. it only happens
when they choose to run the software). Is that the case? If so, and
you can also assume further compliance from the user (such as not
simultaneously running software that changes IPFW settings) the
firewall route might still be the easier.
In any case, you'll need to use authorization services to ask the user
for an admin password so that you can set the setuid bit on a helper
tool embedded in your software's package. See:
http://developer.apple.com/documentation/security/conceptual/authorization_concepts/
Best wishes,
Hamish
On Wed, May 27, 2009 at 3:28 PM, Rahulkumar Tibdewal
<email@hidden> wrote:
> Thanks Hamish.
>
> I have written few sample kexts.
> Although they are small ones.
> I want to make sure if kext will take a week or so in development it should be usefull.
>
> Client software is for standard user. When user launch this client software it should load kext
> And when closed it should unload it.
>
> As you know I am new to kext so I want to make sure after its development it should be handy.
> Otherwise whole effort will be waste.
>
> Thanks for your thought. I don't want to disturb the people on list. And if they are getting disturbed a heartiest sorry for all.
>
> However this feature is very important for my product.
>
> Thanks
> Rahul
>
> -----Original Message-----
> From: Hamish Allan [mailto:email@hidden]
> Sent: Wednesday, May 27, 2009 7:42 PM
> To: Rahulkumar Tibdewal
> Cc: email@hidden Programming
> Subject: Re: Want to block HTTP(web) access but not filesharing
>
> On Wed, May 27, 2009 at 2:54 PM, Rahulkumar Tibdewal
> <email@hidden> wrote:
>
>> I will write *.kext. I have to place that in /tmp folder and then load that particular *.kext
>> This can be done from terminal using sudo su.
>>
>> But how to do this every time clients custom software launch?
>
> I don't wish to be rude, but it doesn't bode well that you feel the
> need to ask the list about this, because getting the kext running is
> several orders of magnitude easier than writing the kext. Are you sure
> you know what you're getting yourself into?
>
> The answer to your question depends on how the client software is launched.
>
> Best wishes,
> Hamish
>
> DISCLAIMER
> ==========
> This e-mail may contain privileged and confidential information which is the property of Persistent Systems Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Ltd. does not accept any liability for virus infected mails.
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden