LibNetBlock (LIBrary for Blocking Network access) is a library which partially
(read below for limitations) ensures that no program under its control can use the
network. LibNetBlock does this by intercepting calls to some C library functions and
replacing them by its own substitutes.
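The interception described above, as an added example that is not LibNetBlock's own source: a shared object defines `socket()` itself, refuses network address families, and reaches the C library's original through `dlsym(RTLD_NEXT, ...)`. The `shim_*` names, the AF_UNIX-only policy, the `EACCES`/`ENOSYS` error codes and the build commands in the comment are assumptions of this example.

```c
/* Added example, not LibNetBlock source. Build as a preloadable object
 * (assumed commands): cc -shared -fPIC -o netshim.so netshim.c -ldl
 * then start a dynamically linked program with LD_PRELOAD=./netshim.so */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* glibc exposes RTLD_NEXT only with this */
#endif
#include <dlfcn.h>
#include <errno.h>
#include <stddef.h>
#include <sys/socket.h>

#ifndef RTLD_NEXT              /* glibc's value, if a libc header came first */
#define RTLD_NEXT ((void *) -1L)
#endif

typedef int (*socket_fn)(int, int, int);

/* Find the C library's own socket(): the next definition after this object. */
socket_fn shim_real_socket(void)
{
    static socket_fn real;
    if (real == NULL)
        real = (socket_fn) dlsym(RTLD_NEXT, "socket");
    return real;
}

/* Policy assumed for this sketch: only local (AF_UNIX) sockets are allowed. */
int shim_family_blocked(int domain)
{
    return domain != AF_UNIX;
}

/* Same name and prototype as libc's socket(), so the dynamic linker binds
 * callers to this definition before it reaches the C library. */
int socket(int domain, int type, int protocol)
{
    socket_fn real;

    if (shim_family_blocked(domain)) {
        errno = EACCES;        /* error code chosen for the example */
        return -1;
    }
    real = shim_real_socket();
    if (real == NULL) {        /* lookup failed: refuse rather than allow */
        errno = ENOSYS;
        return -1;
    }
    return real(domain, type, protocol);
}
```

A statically linked program, or one that issues direct kernel calls, never reaches this function, which is why the limitations listed on this page apply to any wrapper of this kind.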
Requirements for compiling:
- a non-root account. Please, NEVER compile or
make anything as root.
- a working C compiler (C++ compilers won't work due to variable casts)
- development package for the C library (like glibc-devel and glibc-headers).
- Note that some glibc versions (2.11 is known for this) have a bug in their
dl(v)sym implementation, which may cause LibSecRm to hang during searching
for the original versions of the substituted C functions. If you observe
this, it is best to upgrade glibc. If not possible, you can start deleting
substituted functions from open() and check each time if your current
version started to work (yes, this decreases security).
- The sys/stat.h contains functions needed to check an executable's type.
If it is a symbolic link, LibNetBlock will follow it.
- The dlfcn.h header contains functions needed to call the original functions.
It has to have RTLD_NEXT defined. LibNetBlock wouldn't work without this, so it
won't compile without this.
- libdl, the dynamic loading library, with its development package
(unless the required functions are in the C library)
Run ./configure to configure the library for your system.
If you want to enable the public interface of LibNetBlock, configure the
The public interface is compatible with SWIG, so
you can make native bindings to LibNetBlock for any supported language.
LibNetBlock allows some programs to be banned (not allowed to run under
LibNetBlock, because they might need access to the network). One banning
file is always supported -
/usr/local/etc unless set otherwise during configure).
If you want to disable additional banning files pointed to by environment
variables, configure the library with
If you want to disable additional banning files in users' home directories,
configure the library with
Run make to compile the library.
Documentation comes compiled (and can be copied right away), but can be changed
and recompiled, if you have the
makeinfo program (
Run make install to install the library. Read the docs on how to get the library running.
info libnetblock (after installation) or
(before installation) to get help.
- libc.so.6 (GLIBC_2.4)
- libdl.so.2 (GLIBC_2.1)
THE LIBRARY HAS BEEN TESTED, BUT IT MAY NOW OR LATER CONTAIN ERRORS, WHICH MAY LEAD TO
INCORRECT PROGRAM BEHAVIOUR. READ THE LICENSE FOR A WARRANTY (THERE IS NONE).
LibNetBlock can do nothing if:
- A program is using direct kernel calls or non-standard calls,
thus bypassing even the C library
- LibNetBlock is not loaded (read the "Installing" chapter in the "info" docs).
- A program is linked statically (so it doesn't use shared libraries and has all
the functions compiled in it).
- The operating system doesn't support shared libraries (like DOS)
- The operating system doesn't support preloading shared libraries before system libraries.
- LibNetBlock is enabled by setting environment variables and a program is launched by another
program, which clears the environment
variables used by the dynamic linker, so the dynamic linker doesn't preload
LibNetBlock. Some Java Runtime Environments seem to do this.
LibNetBlock compiles on the following systems:
- Fedora 12 GNU/Linux (i686 CPU)
- Mandriva 2011 GNU/Linux (i686 CPU)
- Debian 5.0 GNU/Linux (x86 CPU)
Current version is 1.0.
Download this at SourceForge.
Contact me: bogdro AT users . sourceforge . net (English accepted, just say '[SOFT]' in the title).
My public GnuPG /
Key SHA1 fingerprint:
E91E 699F 1026 D0EF 745E EC3B 353A D368 1C56 DA1E