On Tue, 17 Dec 2002 20:43:35 +0100 (CET) Ole Kofoed Hansen <ole@sandbox.adsl.dk> wrote:
Ole Newbie question for you Ole, How do you set permissions for what mozilla can do? I know chmod and who can do what with the program, but not what the program can do.
or have you made a mozilla user? and added that to downloads? any help info would be appreciated.
or any links?
The part of my message that you asked about was based on my memory of what NSA's kernel modifications and utilities can do. I have not tried it myself, and I would not suggest a newbie to try it either.
For more information about the NSA stuff, look at: http://www.nsa.gov/selinux/
There is also the grsecurity kernel patch which works quite well. It's advanced features let you set specific limits on what each executable can do. It gets tricky though, because if you really tighten up security, apps like X won't run, because of the poor initial design. But the grsecurity apps will let you specifically exempt certain executables from restrictions. http://www.grsecurity.net But the patch is worthwhile just for it's simpler features, like randomized pids, proc restrictions, and control over user socket access. -- use Perl; #powerful programmable prestidigitation