Could allow inclusion of systrace?
Posted Mar 22, 2008 4:28 UTC (Sat) by AnswerGuy
Parent article: The return of authoritative hooks
Perhaps this consolidation will also pave the way for the inclusion of Niels Provos' systrace patches.
Systrace implements a brilliant, elegant, approach to security, by allowing any user to interpose a set of "firewall" rules between the code that they run and the kernel (via the system call APIs).
This approach is vastly simpler than SELinux, which loads up the system with a large number of additional labels (domains, types, roles), and which add additional options to many commands (the -Z flags to ls, ps, etc.) and is generally impossible for mere mortal to comprehend
Systrace allows a normal user to create a policy and limit the access by programs, without giving the user any additional systems level permissions beyond what he or she already had. (It essentially uses the ptrace mechanism). So a user can, for example, run Mozilla while restricting it read/write open() calls to just the ~/.mozilla and ~/Downloads directories. In that example a compromised Mozilla can only write to those two directories and can't plant a trojan in your ~/bin directory, for example.
Another advantage of systrace is that it's already included in NetBSD and OpenBSD, and available for OpenSolaris, and FreeBSD. That makes it the only viable security enhancement to UNIX-like systems which is cross-platform.
to post comments)