To compensate for network latency during playing chess games over internet, internet chess servers like Fics and Icc use proprietary protocols called timeseal and timestamp. They distribute statically linked stripped binaries which acts like a bridge between chess clients and the chess server.

To make sure these tools don’t do anything nasty, I use sydbox to sandbox them. Sydboxmaster extends network whitelisting support for network mode deny. So I use it like:

    alip@harikalardiyari> cat ~/bin/timeseal

    sydbox -N -M deny -- \
    "$HOME"/bin/ics/timeseal.Linux-i386 23

SYDBOX_NO_CONFIG makes sydbox not read its configuration file and SYDBOX_NET_WHITELIST adds the address, in this case, to the network whitelist.

edit: Highlight code.