Let's say you have a binary that "phones home". You have SSH access to the machine it resides on, but cannot log in as root [or use sudo]. How would you sandbox it so that all outgoing network traffic from the executable gets blocked?
On Windows, I wrote a loader that would start a process suspended and modify some of the calls (send/recv/etc.) to go through my code before going out. It would probably work without admin access, and the same type of thing should be possible on Linux. It's function hooking, or writing a loader.
I've never done it on Linux, sadly. I mostly do this type of thing from Windows.
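The hooking approach described in the reply above, carried over to Linux as an added example (this is not code from anyone in this thread): an LD_PRELOAD library that overrides connect(), sendto() and sendmsg() with libc's exact signatures, so every IPv4/IPv6 destination gets ENETUNREACH before the kernel ever sees it, while AF_UNIX calls are forwarded unchanged. The probe helpers, their names, and the target 192.0.2.1 (TEST-NET-1) are my own constructed choices for the demo.

```c
/* netblock.c: an LD_PRELOAD shim that refuses outbound IPv4/IPv6 traffic
 * from a single process. No root needed: the dynamic loader honours
 * LD_PRELOAD for any non-setuid, dynamically linked program.
 *
 * Build: gcc -shared -fPIC -o libnetblock.so netblock.c
 * Run:   LD_PRELOAD=$PWD/libnetblock.so ./suspect-binary
 *
 * Linux only: allowed calls are forwarded with syscall(2), so no libdl. */
#define _DEFAULT_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/un.h>
#include <unistd.h>

/* Destinations we refuse. AF_UNIX (local IPC) is passed through untouched. */
static int is_blocked(const struct sockaddr *sa, socklen_t len)
{
    if (sa == NULL || len < sizeof(sa_family_t)) return 0;
    return sa->sa_family == AF_INET || sa->sa_family == AF_INET6;
}

static void log_block(const char *call, const struct sockaddr *sa)
{
    char host[INET6_ADDRSTRLEN] = "?";
    if (sa->sa_family == AF_INET)
        inet_ntop(AF_INET, &((const struct sockaddr_in *)sa)->sin_addr, host, sizeof host);
    else
        inet_ntop(AF_INET6, &((const struct sockaddr_in6 *)sa)->sin6_addr, host, sizeof host);
    fprintf(stderr, "[netblock] refused %s() to %s\n", call, host);
}

/* The hooks carry libc's exact signatures, so the loader binds the
 * program's calls to these definitions instead of libc's. */
int connect(int fd, const struct sockaddr *sa, socklen_t len)
{
    if (is_blocked(sa, len)) { log_block("connect", sa); errno = ENETUNREACH; return -1; }
    return (int)syscall(SYS_connect, fd, sa, len);
}

ssize_t sendto(int fd, const void *buf, size_t n, int flags,
               const struct sockaddr *sa, socklen_t len)
{
    if (is_blocked(sa, len)) { log_block("sendto", sa); errno = ENETUNREACH; return -1; }
    return (ssize_t)syscall(SYS_sendto, fd, buf, n, flags, sa, len);
}

ssize_t sendmsg(int fd, const struct msghdr *msg, int flags)
{
    if (msg != NULL && is_blocked(msg->msg_name, msg->msg_namelen)) {
        log_block("sendmsg", msg->msg_name); errno = ENETUNREACH; return -1;
    }
    return (ssize_t)syscall(SYS_sendmsg, fd, msg, flags);
}

/* Demo helpers (my own names): attempt a TCP connect through the hook and
 * return the resulting errno, 0 on success. */
int netblock_probe(const char *ipv4, int port)
{
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons((uint16_t)port);
    if (inet_pton(AF_INET, ipv4, &sin.sin_addr) != 1) return EINVAL;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return errno;
    int err = connect(fd, (struct sockaddr *)&sin, sizeof sin) == 0 ? 0 : errno;
    close(fd);
    return err;
}

int netblock_probe_unix(const char *path)
{
    struct sockaddr_un sun;
    memset(&sun, 0, sizeof sun);
    sun.sun_family = AF_UNIX;
    strncpy(sun.sun_path, path, sizeof sun.sun_path - 1);
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return errno;
    int err = connect(fd, (struct sockaddr *)&sun, sizeof sun) == 0 ? 0 : errno;
    close(fd);
    return err;
}

int main(void)
{
    /* 192.0.2.1 is TEST-NET-1, a constructed target that never routes. */
    int err = netblock_probe("192.0.2.1", 80);
    printf("tcp 192.0.2.1:80 -> %s\n", err ? strerror(err) : "connected");
    err = netblock_probe_unix("/nonexistent/netblock-demo.sock");
    printf("unix socket      -> %s\n", err ? strerror(err) : "connected");
    return 0;
}
```

Caveats a practitioner should keep in mind: this only intercepts libc entry points, so a statically linked binary, one that issues raw syscalls, or one using a call not hooked here (sendmmsg, for instance) walks straight past it, and the loader ignores LD_PRELOAD for setuid executables. It also does nothing about connections the binary accept()s. Where the kernel allows unprivileged user namespaces, `unshare -rn ./suspect-binary` drops the process into a network namespace with nothing but a down loopback, which the kernel enforces no matter how the binary makes its calls.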
I've never seen a Unix firewall that can block based on process. Although, I'm mostly a pf user myself.
I can't say without more details, but is unplugging the Ethernet a possible fix? It'll stop the program from phoning home, at least.
If he has to ssh in, and he doesn't have root, it's likely that he does not have physical access to the box.
Can you write a plugin that gives me an "I just woke up button" that doesn't allow me to post within 30 minutes of clicking it?
Quote from: Joe on February 26, 2011, 12:53:14 PM
Can you write a plugin that gives me an "I just woke up button" that doesn't allow me to post within 30 minutes of clicking it?
Sure, but it might have a large false positive rate.
Quote from: iago on February 27, 2011, 10:37:42 AM
Sure, but it might have a large false positive rate.
Hahaha.
HOLD ON, HOLD ON. WAIT A MINUTE
did someone just get told?