Suggestion: suppose you have set up your system with a uid that is
protected by some iptables rules (call this UNTRUSTED), and furthermore
also suppose that the binary that you really want to protect against
is called "DOCREADER".  

Well, then, you might want to consider replacing every occurrence of
the DOCREADER binary on your system's disk with a script that
basically does this:

  #!/bin/sh
  exec sudo -u UNTRUSTED DOCREADER-original "$@"


You might also want to consider locking this package down from a
package-management-automatic-updates perspective.

--kevin
-- 
alumni.unh.edu!kdc / http://kdc-blog.blogspot.com/
GnuPG: D87F DAD6 0291 289C EB1E 781C 9BF8 A7D8 B280 F24E

 Wipe him down with gasoline 'til his arms are hard and mean
 From now on boys this iron boat's your home
 So heave away, boys.
   -- Tom Waits
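
The setup suggested above, sketched as an added example that is not part of the original message. It stages the wrapper and a matching sudoers drop-in under a scratch directory and prints one possible rule set for the untrusted uid. The account name `untrusted`, the path `/usr/bin/docreader`, the group `users`, the drop-in file name and the choice of rules are all assumptions.

```shell
#!/bin/sh
# Added example. Assumed names: account "untrusted", reader installed at
# /usr/bin/docreader, callers in group "users". Files are written under a
# staging directory so they can be reviewed before being installed as root.

BIN=/usr/bin/docreader      # assumed path of DOCREADER
RUN_AS=untrusted            # assumed name of the UNTRUSTED account

stage_wrapper() {
    dest=$1
    mkdir -p "$dest$(dirname "$BIN")" "$dest/etc/sudoers.d"

    # Wrapper that takes the place of the original binary. "$@" passes every
    # argument through unchanged, including file names containing spaces.
    cat > "$dest$BIN" <<EOF
#!/bin/sh
exec sudo -u $RUN_AS $BIN-original "\$@"
EOF
    chmod 755 "$dest$BIN"

    # sudoers drop-in: members of "users" may run only the renamed binary
    # as the untrusted account, without a password prompt. Without such a
    # rule the wrapper stops at sudo's prompt or is refused.
    printf '%%users ALL=(%s) NOPASSWD: %s-original\n' "$RUN_AS" "$BIN" \
        > "$dest/etc/sudoers.d/docreader"
    chmod 440 "$dest/etc/sudoers.d/docreader"
}

# One possible rule set for the untrusted uid (an assumption; the message
# does not say which rules are in place): allow loopback, reject the rest.
# Printed rather than applied, so it can be reviewed first.
print_iptables_rules() {
    printf '%s\n' \
        "iptables -A OUTPUT -m owner --uid-owner $RUN_AS -o lo -j ACCEPT" \
        "iptables -A OUTPUT -m owner --uid-owner $RUN_AS -j REJECT"
}
```

The untrusted account also needs read access to whatever document is being opened, since the reader no longer runs as the invoking user.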
