mobility and firewall

Travis Watkins alleykat at gmail.com
Sat Jun 4 23:12:25 CDT 2005


On 6/4/05, Christoph Georgi <christoph.georgi at web.de> wrote:
> 
> 
> Michael R Head wrote:
> <snip>
> >>
> >>>$IPTABLES -A OUTPUT -p TCP --dport http -m owner --cmd-owner firefox -j
> >>>ACCEPT
> >>>
> >>>$IPTABLES -A OUTPUT -p TCP --dport http -m owner --cmd-owner firefox-bin
> >>>-j ACCEPT
> >>>
> 
> <snip>
> 
> >
> > Still, it's not very helpful unless it uses the full path to the
> > executable.
> >
> >
> 
> AFAIK it's taking the process name of the running process as one can see
> it with 'netstat -p'. No full path required...
> 
> christoph
> --
> 
> 
> Christoph Georgi
> -----------------------------
> email.  christoph.georgi at web.de
> fon.    +64 (0)9 815 8259
> 
> registered linux user #380268
> ubuntu 5.04 (ubuntu.com)
> 

What's to stop me from making a malicious program called 'firefox' then?

-- 
Travis Watkins
http://www.realistanew.com



More information about the ubuntu-devel mailing list