Secure Coding mailing list archives
Re: Re: Application Sandboxing, communication limiting, etc.
From: Martin Stricker <shugal () gmx de>
Date: Fri, 12 Mar 2004 01:14:08 +0000
Andreas Sikkema wrote:
[EMAIL PROTECTED] wrote:Seems to me that the average user application doesn't need to open TCP/UDP ports for listening. Attack bots tend to do this kind of thing.Unfortunately there are applications like VoIP softphones which have to have a listener socket (more than one in many cases).
Such listener sockets should be invoked as privileged servers/services, and the application the user runs only connects via an API to the server process. So the server can be programmed to only accept certain requests from the client, which would make it qzuite difficult for malware to misuse the service. This is the way many Unix-like systems work by default: non-privileged users cannot open a network connection, they need to use a system service instead (like NFS, RPC, a web proxy etc.). If the services are programmed in a secure manner, they can prevent misuse quite good. Best regards, Martin Stricker -- Homepage: http://www.martin-stricker.de/ Linux Migration Project: http://www.linux-migration.org/ Red Hat Linux 9 for low memory: http://www.rule-project.org/ Registered Linux user #210635: http://counter.li.org/
Current thread:
- RE: Re: Application Sandboxing, communication limiting, etc. Andreas Sikkema (Mar 11)
- Re: Re: Application Sandboxing, communication limiting, etc. Martin Stricker (Mar 11)