Opened 6 years ago

Last modified 2 months ago

#10727 new enhancement

Security server - watching internet and terminal processes

Reported by: lelldorin Owned by: nobody
Priority: normal Milestone: Unscheduled
Component: Servers Version: R1/Development
Keywords: Cc:
Blocked By: Blocking:
Has a Patch: no Platform: All

Description

Hello guys,

it would be funny to have a security server running on haiku, who control all internet and terminal processes before they run. With options to activate and deactivate.

Example internet:

A application will connect to the internet. a dialog inform the user about this process. the user need to accept it. so software can not connect with the internet to mage updates or uploads without knowing of the user.

Example terminal:

A application use a terminal program. the user gets a dialog to accept this process.

Why this is importand:

for example, if someone writes a program for the shell who send mail without any knowing of the user (sending private data).

The user should know that is the system doing

Greetings lelldorin

Change History (8)

comment:1 by mmu_man, 6 years ago

Priority: criticalnormal

You mean a firewall?

comment:2 by lelldorin, 6 years ago

No i mean a server running in the background checking connections from apps to the internet and using terminal tool in the background

comment:3 by umccullough, 6 years ago

These days, most firewall software generally does that - it monitors connections going in and out, and allows a user (or administrator) to specifically authorize certain applications to access the internet while others cannot (or warn the user when they do).

Windows, for example, comes with such functionality built-in now, although most users never actually configure or use it.

comment:4 by lelldorin, 6 years ago

This is not the same. A included server running in the background are better like a 3rd party software.

comment:5 by diver, 3 years ago

Component: - GeneralServers
Milestone: R1Unscheduled

Sounds like a great 3rd party opportunity to me :)

comment:6 by lelldorin, 2 months ago

Could be something for gsoc?

comment:7 by pulkomandy, 2 months ago

ideas for GSoC are the easy part, what we need for them is people with knowledge of the related code and time to do the mentoring. Usually it takes more time to mentor the student than to implement things yourself.

In any case, I think we will consider something similar to Android where the user is asked whenever something happens (access to the local filesystem, geolocalization, network requests, ...). But it is probably a thing to keep for R2.

comment:8 by return_0e, 2 months ago

For further inspiration for anyone interested in this, this idea is essentially similar or exactly resembling a system-wide application firewall called Little Snitch only for macOS. [0]

The idea of a Haiku equivalent I think sounds GSoC worthy to implement as a third party component would be very useful.

[0] https://www.obdev.at/products/littlesnitch/index.html

Note: See TracTickets for help on using tickets.