application control

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

application control

muhammad-3
Hi
 
I wonder how NuFW performs application control. The only piece of software that can decide the application name is a NuFW client. But the client side is under user's control, so he/she can install a client of his/her choice: perhaps a cracked version of the client that sends bogus information about the application being used. For example, he/she wants to use "/usr/local/bin/rsh" but finds out that only "/bin/ssh" is admitted. A custom client can replace the application name with "/bin/ssh" for all the packets. The imprtant point is that the user need not be aware of such a forgery as a malware can do all the work. Any remarks?
 
--Muhammad

_______________________________________________
Nufw-users mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/nufw-users
Reply | Threaded
Open this post in threaded view
|

Re: application control

Eric Leblond-2
Le mercredi 26 octobre 2005 à 12:34 +0330, Muhammad a écrit :

> Hi
>  
> I wonder how NuFW performs application control. The only piece of
> software that can decide the application name is a NuFW client. But
> the client side is under user's control, so he/she can install a
> client of his/her choice: perhaps a cracked version of the client that
> sends bogus information about the application being used. For example,
> he/she wants to use "/usr/local/bin/rsh" but finds out that only
> "/bin/ssh" is admitted. A custom client can replace the application
> name with "/bin/ssh" for all the packets. The imprtant point is that
> the user need not be aware of such a forgery as a malware can do all
> the work. Any remarks?

No, this is a well known issue and I thought it was documented somewhere
on the nufw website. I put it on my TODO list.

BR,
--
Eric Leblond <[hidden email]>



_______________________________________________
Nufw-users mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/nufw-users