[Exherbo-dev] Proper network sandboxing

Ali Polatel polatel at gmail.com
Tue Aug 25 23:09:20 BST 2009


Sterling X. Winter wrote:
> On Tuesday 25 August 2009 01:57:03 pm Ali Polatel wrote:
> > This function needs some work, currently it only allows 127.0.0.1
> > and ::1 through.
> 
> What, if anything, can Sydbox do about attempts to connect to various proxies 
> running on localhost? A few examples to consider are: Squid (often found on 
> port 8080); SOCKS (port 1080); Privoxy (port 8118 by default); Tor (port 9050 
> by default).
> 

Good point. Network blacklisting is an idea to solve this.
It'll work just like path prefixes, e.g.:

[network]
blacklist=127.0.0.1:8118;127.0.0.1:9050

To do this we have to take ports into account as well but that's easy.
What do you think?

-- 
Regards,
Ali Polatel
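
The check proposed in the message above, as an added example (not Sydbox code and not part of the original post): parse the `blacklist=` value and allow a connect only if the destination is loopback and its addr:port pair is not listed. The names `net_rule`, `parse_blacklist` and `connect_allowed` are hypothetical, and only IPv4 is handled.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct net_rule { struct in_addr addr; uint16_t port; }; /* port in host byte order */

/* Parse "addr:port;addr:port" into rules; returns the rule count, or -1 if malformed. */
static int parse_blacklist(const char *value, struct net_rule *rules, int max)
{
    int n = 0;
    while (*value) {
        size_t len = strcspn(value, ";");
        char item[64], *colon, *end;
        if (len == 0 || len >= sizeof(item) || n == max) return -1;
        memcpy(item, value, len);
        item[len] = '\0';
        colon = strrchr(item, ':');
        if (!colon) return -1;                 /* a port is mandatory */
        *colon = '\0';
        long port = strtol(colon + 1, &end, 10);
        if (end == colon + 1 || *end || port < 1 || port > 65535) return -1;
        if (inet_pton(AF_INET, item, &rules[n].addr) != 1) return -1;
        rules[n++].port = (uint16_t)port;
        value += len + (value[len] == ';');    /* skip the separator, if any */
    }
    return n;
}

/* Loopback only, minus blacklisted addr:port pairs. A sandbox would take the
 * address and port from the sockaddr passed to connect(); strings keep this short. */
static bool connect_allowed(const char *ip, uint16_t port, const struct net_rule *rules, int n)
{
    struct in_addr dst;
    if (inet_pton(AF_INET, ip, &dst) != 1 || dst.s_addr != htonl(INADDR_LOOPBACK)) return false;
    for (int i = 0; i < n; i++)
        if (rules[i].addr.s_addr == dst.s_addr && rules[i].port == port) return false;
    return true;
}

int main(void)
{
    struct net_rule rules[8];
    int n = parse_blacklist("127.0.0.1:8118;127.0.0.1:9050", rules, 8); /* value from the message */
    if (n < 0) return 1;                       /* fail closed on a bad config line */
    printf("127.0.0.1:9050 allowed: %d\n", connect_allowed("127.0.0.1", 9050, rules, n));
    printf("127.0.0.1:8080 allowed: %d\n", connect_allowed("127.0.0.1", 8080, rules, n));
    return 0;
}
```

With the sample value from the message, 127.0.0.1:8080 is still allowed, because a blacklist covers only the pairs that are listed.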