On Tue, Apr 23, 2013 at 09:28:17AM -0500, Richard Owlett wrote:
> I will be using email, Usenet, browser and occasionally file
> downloading.
> Nothing on my system should look/act like a server.
> I want all programs to access the internet after explicitly asking
> for permission.
> The response to the request may be:
> No
> Always YES
> Ask each occurrence

Programs don't generally ask for permissions; they assume that they are connected, and report failures when they can't make connections.

I suppose that you could write a wrapper script for every program, so that if you invoke it through the wrapper you have opened the necessary ports, and if you invoke the program without the wrapper the connections are dropped. However, while the wrapper is being run, any copy of the program could have the same permissions.

On Android systems, this issue is slightly addressed (though not in the manner you want) by having a new user added for every program, and running each program under that user-id. Since iptables can look at effective user-id when making packet accept/drop decisions, you can do per-program firewalls that way.

By the way, you have an unusually brusque way of stating conditions rather than asking questions, which comes across as slightly rude.

-dsr-
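
The per-user approach described in the reply above, as an added example that is not part of the original message: it turns an allow/deny list into OUTPUT rules using the iptables `owner` match. The account names and the policy format are hypothetical, and the rules are only printed so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Added example: per-program egress rules keyed on a dedicated account per program.
# Account names (net-mail, net-browser, net-news) are hypothetical; each program
# is assumed to be started under its own account, e.g. via sudo -u.

# Constructed sample policy: one "account:decision" pair per line.
POLICY='net-mail:allow
net-browser:allow
net-news:deny'

emit_rules() {
    # Loopback traffic and packets belonging to already-tracked flows.
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    printf '%s\n' "$1" | while IFS=: read -r user decision; do
        [ -n "$user" ] || continue
        case "$decision" in
            allow) target=ACCEPT ;;
            deny)  target=REJECT ;;
            *) echo "# skipped $user: unknown decision '$decision'"; continue ;;
        esac
        # The owner match is only valid for locally generated packets (OUTPUT chain).
        echo "iptables -A OUTPUT -m owner --uid-owner $user -j $target"
    done
    # New connections from any other account, including the login user, are refused.
    echo "iptables -A OUTPUT -j REJECT"
}

emit_rules "$POLICY"
```

This covers the "No" and "Always YES" answers only; iptables has no interactive prompt, so "Ask each occurrence" is outside what these rules can express.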