Rainbow and P_NET
Michael Stone
michael at laptop.org
Mon Mar 17 13:10:18 EDT 2008

Bert,

It's still in early prototyping so there's substantial flexibility to
adapt it to do what we need.

At present, sys_disablenetwork() disables calls to socket(), connect(),
bind(), and sendmsg() for address families other than AF_UNIX. (I.e. all
unix sockets should still work and everything else should return EACCES).

I _think_ I could get it to allow AF_INET and AF_INET6 connections to
localhost without much trouble if this would be valuable to folks. (As I
understand, the primary use case is to write local networking code that
will function identically on both Windows and *nix).

Michael

On Mon, Mar 17, 2008 at 04:11:07PM +0100, Bert Freudenberg wrote:
> On Mar 16, 2008, at 15:00 , Walter Bender wrote:
>
> > 18. Rainbow: Michael Stone prototyped a network isolation primitive
> > described by Daniel Bernstein
> > (http://cr.yp.to/unix/disablenetwork.html), demoed an activity in
> > which a web browser and an HTTP server work together to examine the
> > filesystem.
>
> Does this still allow socket access to localhost, e.g. for Stream Tubes?
>
> - Bert -
>
>
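
The following is an added example, not code from the prototype or from anyone in this thread: a userspace model of the allow/deny decision the message describes, plus one possible shape for the localhost exception it floats. The names `gated_call`, `netdisabled_check`, `check_ip` and `allow_loopback` are hypothetical, and treating v4-mapped `::ffff:127.x.y.z` as loopback while denying wildcard binds is an assumed design choice.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stddef.h>
#include <sys/socket.h>

enum gated_call { CALL_SOCKET, CALL_CONNECT, CALL_BIND, CALL_SENDMSG };

/* 127.0.0.0/8, ::1, or v4-mapped 127/8 (::ffff:127.x.y.z). */
static bool is_loopback(const struct sockaddr *sa)
{
    if (sa->sa_family == AF_INET)
        return (ntohl(((const struct sockaddr_in *)sa)->sin_addr.s_addr) >> 24) == 127;
    if (sa->sa_family != AF_INET6)
        return false;
    const struct in6_addr *a = &((const struct sockaddr_in6 *)sa)->sin6_addr;
    return IN6_IS_ADDR_V4MAPPED(a) ? a->s6_addr[12] == 127 : IN6_IS_ADDR_LOOPBACK(a);
}

/* 0 = allow, -EACCES = deny. sa is NULL for socket() and connected sendmsg(). */
int netdisabled_check(enum gated_call call, int family,
                      const struct sockaddr *sa, bool allow_loopback)
{
    if (family == AF_UNIX)
        return 0;                 /* as described in the message */
    if (!allow_loopback || (family != AF_INET && family != AF_INET6))
        return -EACCES;           /* as described in the message */
    /* From here on: the floated localhost exception (assumed design). */
    if (call == CALL_SOCKET || (call == CALL_SENDMSG && sa == NULL))
        return 0;                 /* the address is vetted at connect/bind */
    if (sa == NULL || sa->sa_family != family)
        return -EACCES;
    return is_loopback(sa) ? 0 : -EACCES;   /* 0.0.0.0 and :: are denied */
}

/* Hypothetical helper: parse a textual IPv4/IPv6 address and check it. */
int check_ip(enum gated_call call, const char *ip, bool allow_loopback)
{
    struct sockaddr_storage ss = {0};
    if (inet_pton(AF_INET, ip, &((struct sockaddr_in *)&ss)->sin_addr) == 1)
        ss.ss_family = AF_INET;
    else if (inet_pton(AF_INET6, ip, &((struct sockaddr_in6 *)&ss)->sin6_addr) == 1)
        ss.ss_family = AF_INET6;
    else return -EINVAL;
    return netdisabled_check(call, ss.ss_family, (struct sockaddr *)&ss, allow_loopback);
}

int main(void) { return check_ip(CALL_CONNECT, "127.0.0.1", true) == 0 ? 0 : 1; }
```

With `allow_loopback` false the function reproduces the current behaviour in the message: only AF_UNIX passes. With it true, binding to a wildcard address is still refused, since that would listen on every interface rather than only on localhost.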