Stop further socket() or connect() calls.
olli at lurza.secnetix.de
Tue Jul 11 14:27:41 UTC 2006
mal content <artifact.one at googlemail.com> wrote:
> I was looking for a way to write a small wrapper program
> that disables network access and then exec()'s a given
Sorry for the late reply, but ... The easiest way to do
what you described is to run the program in a jail which
has a jail IP that doesn't exist and isn't routed. Then
the program cannot perform any network access.
For example: jail / foo 127.0.0.2 /your/program
All attempts to access the network should result in an
error "no route to host" (errno EHOSTUNREACH).
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.
C++: "an octopus made by nailing extra legs onto a dog"
-- Steve Taylor, 1998
More information about the freebsd-hackers