Ask questionsUserspace network access control experiment

I was playing around with a concept of controlling network access and came up with a way to leverage stack traces to track where access to network is requested while security polices in core don't exist yet.

The approach to blocking is pretty naive, I'm aware this can be circumvented by spawning a child process at this point, but seems to have a chance of working otherwise. Did I miss anything obvious?


Answer questions naugtur

I need to follow security wg more closely, there's a lot of interesting stuff going on.

22112 is about process level access control, which - while interesting and badly needed - is not what I'm solving for. My usecase is preventing a dependency from doing something like:


while generally being able to make outgoing http requests from the app logic regardless of libraries used.
So this is a module-level permission. Snapshot-based for ease of use.


Related questions

Update on program eligibility settings hot 1
Github User Rank List