Subject: Re: Host access philosophy (Was: restricting NFS (and associated
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: Matthew Orgass <darkstar@city-net.com>
List: netbsd-users
Date: 10/10/2006 00:12:24
On 2006-10-09 smb@cs.columbia.edu wrote:

> The second is to tie access control to the process, rather than the port
> number.  Systrace is more or less like that; in the Windows world, the
> ZoneAlarm firewall works that way.  It's not a horrible way to proceed,
> though it doesn't help nearly as much if a single program needs different
> levels of access for different parts of it (permit DNS queries; block
> other external access, for example).
>
> The third is to have some construct analogous to chroot(), where we bind a
> network "view" to an application at startup time.  I suspect that this is
> the proper answer, but I'm by no means certain of it.  The difficulty here
> is complexity of administration -- even if I didn't have five different
> applications that needed to have the same view.

  IMO, treating servers specially (either as above or by a single separate
utility) would help in many home network circumstances (that is, listen
would not be allowed unless configured to be accepted for that port, which
could be done per interface (same for any UDP use)).  The same mechanism
could interact with external firewalls via UPnP.

Matthew Orgass
darkstar@city-net.com
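As an added illustration of the mechanism proposed above (written for this page, not code from the thread, NetBSD, or systrace): a policy table of (protocol, local address, port) entries that a socket must match before it may act as a server. The policy file format, the interface list and the GuardedSocket wrapper are all assumptions made for the example; the enforcement point is listen() for TCP and bind() for UDP, since a bound UDP socket already receives, and connect() is left alone so ordinary client use is unaffected. A wildcard bind is treated as a request to serve on every interface, so it is only honoured if every interface address is permitted for that port.

```python
"""Per-interface, per-port serve policy, in the spirit of the proposal above.

Assumption (not from the post): the line-based policy format, the interface
list and the socket wrapper below are invented here for illustration.
"""
import socket
from dataclasses import dataclass

# Constructed sample policy for a home box with one LAN address and loopback.
POLICY_TEXT = """
# proto  local-address   port      (anything not listed may not serve)
tcp      192.168.1.10    22        # sshd on the LAN interface only
tcp      127.0.0.1       8080      # local-only web UI
udp      192.168.1.10    123       # ntpd; UDP has no listen(), checked at bind()
"""

# Constructed list of the host's interface addresses (what getifaddrs would give).
INTERFACES = ["192.168.1.10", "127.0.0.1"]


@dataclass(frozen=True)
class Rule:
    proto: str   # "tcp" or "udp"
    addr: str    # local interface address the server may bind
    port: int


def parse_policy(text):
    """Parse the constructed policy format into a set of Rule entries."""
    rules = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip comments and blanks
        if not line:
            continue
        proto, addr, port = line.split()
        rules.add(Rule(proto.lower(), addr, int(port)))
    return rules


def serve_allowed(rules, proto, addr, port, interfaces=INTERFACES):
    """Decide whether a socket may act as a server on (proto, addr, port).

    A wildcard bind (0.0.0.0 or "") exposes the port on every interface, so it
    is permitted only if each interface address is itself permitted; otherwise
    a daemon could sidestep a LAN-only rule by binding INADDR_ANY.
    Port 0 (kernel-chosen) can never match a configured rule and is refused.
    """
    if port == 0:
        return False
    if addr in ("0.0.0.0", ""):
        return all(Rule(proto, ifaddr, port) in rules for ifaddr in interfaces)
    return Rule(proto, addr, port) in rules


class GuardedSocket(socket.socket):
    """IPv4 socket that enforces the policy where a server comes into being.

    TCP is checked at listen(); UDP at bind(), because a bound UDP socket is
    already reachable. connect() is untouched: outbound client traffic is not
    what this policy governs.
    """
    rules = parse_policy(POLICY_TEXT)

    def _proto(self):
        return "udp" if self.type == socket.SOCK_DGRAM else "tcp"

    def bind(self, address):
        host, port = address
        if self._proto() == "udp" and not serve_allowed(self.rules, "udp", host, port):
            raise PermissionError(f"udp bind to {host}:{port} not in policy")
        super().bind(address)

    def listen(self, backlog=5):
        host, port = self.getsockname()   # address actually bound, not requested
        if not serve_allowed(self.rules, "tcp", host, port):
            raise PermissionError(f"tcp listen on {host}:{port} not in policy")
        super().listen(backlog)


if __name__ == "__main__":
    # Permitted by the policy: local-only web UI on loopback.
    with GuardedSocket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind(("127.0.0.1", 8080))
        s.listen()
        print("listening on", s.getsockname())
    # Not in the policy: the listen() is refused even though bind() succeeded.
    with GuardedSocket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 9999))
        try:
            s.listen()
        except PermissionError as e:
            print("refused:", e)
```

The check sits in the process here only to keep the sketch self-contained; the proposal in the thread is for the kernel or a single separate utility to make the same decision, which is what would stop an unconfigured program from listening at all.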