From: frits on
On Sun, May 04, 2008 at 09:28:03AM +0200, NN_il_Confusionario wrote:
> > * From: frits <frits7(a)vulkor.net>
> >allowed to include the applications in the firewall rules.
>
> man iptables in etch still shows
>
> owner
> This module attempts to match various characteristics of the packet creator, for locally-
> generated packets.

On the same page:
NOTE: pid, sid and command matching are broken on SMP

Most modern processors are SMP, and it really appears broken.

The idea of different users is not really usable. I use my systems to
work.

Any idea when --cmd-owner gets fixed?


--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
From: NN_il_Confusionario on
> * From: frits <frits7(a)vulkor.net>
>The idea of different users is not really usable. I use my systems to
>work.

this is interesting: it is the first time that I hear about unix
multiuser capabilities (to run applications side by side as different
users) being "not really usable". Can you elaborate?


From: frits on
On Mon, May 05, 2008 at 08:12:26PM +0200, NN_il_Confusionario wrote:
> > * From: frits <frits7(a)vulkor.net>
> >The idea of different users is not really usable. I use my systems to
> >work.
>
> this is interesting: it is the first time that I hear about unix
> multiuser capabilities (to run applications side by side as different
> users) being "not really usable". Can you elaborate?

I read it as role-based internet access. I want application based
access.

F.


From: NN_il_Confusionario on
On Wed, May 07, 2008 at 04:58:08PM +0000, frits wrote:
> On Mon, May 05, 2008 at 08:12:26PM +0200, NN_il_Confusionario wrote:
> > > * From: frits <frits7(a)vulkor.net>
> > >The idea of different users is not really usable. I use my systems to
> > >work.
> > Can you elaborate?
> I read it as role-based internet access. I want application based
> access.

If you want this,

application based firewall - Google Search
http://www.google.com/search?q=application+based+firewall&num=100

finds immediately

TuxGuardian - An application-based firewall
http://tuxguardian.sourceforge.net/

But I suspect that this two-year-old software will not work with the
CONFIG_SECURITY_CAPABILITIES=y
kernel option.

I have absolutely no experience in such things, partly because I am
unable to see security advantages of application-based firewalls over
role-based ones.

--
Those who use non-free software poison you too. Tell them to stop.
Computing=arsenic: minimal doses in rare pathological cases, otherwise lethal.
Computing=bomb: smart only for the fools who believe in it.
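
Added example, not part of any message in this thread: the per-user approach discussed above, sketched with the owner match's --uid-owner option, which is not among the matches the man page note lists as broken on SMP. The function name owner_rules and the account name app-browser are assumptions made for this illustration; the rules are printed for review, not executed.

```shell
#!/bin/sh
# Print (do not run) iptables rules that limit one dedicated account's
# outbound traffic to the listed proto/port pairs via --uid-owner.
# "app-browser" in the usage line is a constructed account name.
# Usage: owner_rules app-browser tcp/443 udp/53

owner_rules() {
    user=$1
    case $user in
        ''|-*|*[!a-z0-9_-]*) echo "bad user: $user" >&2; return 1 ;;
    esac
    shift
    [ $# -gt 0 ] || { echo "no proto/port given" >&2; return 1; }

    # Validate every spec first so a bad one yields no partial rule set.
    for spec in "$@"; do
        proto=${spec%%/*}
        port=${spec#*/}
        case $proto in
            tcp|udp) ;;
            *) echo "bad protocol in: $spec" >&2; return 1 ;;
        esac
        case $port in
            ''|*[!0-9]*) echo "bad port in: $spec" >&2; return 1 ;;
        esac
        if [ "${#port}" -gt 5 ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in: $spec" >&2; return 1
        fi
    done

    for spec in "$@"; do
        echo "iptables -A OUTPUT -m owner --uid-owner $user" \
             "-p ${spec%%/*} --dport ${spec#*/} -j ACCEPT"
    done
    # Anything else generated by this account is rejected.
    echo "iptables -A OUTPUT -m owner --uid-owner $user -j REJECT"
}
```

The application has to be started under that account for the rules to apply; the udp/53 entry in the usage line is there because name lookups are made by the same process.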

