Recent Features
| |||||||||||||
Could allow inclusion of systrace?Could allow inclusion of systrace?Posted Mar 25, 2008 10:56 UTC (Tue) by Klavs (subscriber, #10563)In reply to: Could allow inclusion of systrace? by AnswerGuy Parent article: The return of authoritative hooks
I would hope so too. I've always liked the concept of systrace - and it's simplicity is IMHO good for security.
(Log in to post comments)
Could allow inclusion of systrace? Posted Mar 26, 2008 14:53 UTC (Wed) by oak (guest, #2786) [Link] Hm. Systrace site says this on security: "Just keep in mind that ptrace has not been designed as a security primitive and while the ptrace backend can restrict the behavior of programs in non-adversarial settings, there are many ways to circumvent it." Maybe ltrace (new kernel implementation for ptrace that is supposed to solve many of its problems) could help also on this?
Could allow inclusion of systrace? Posted Mar 26, 2008 15:38 UTC (Wed) by nix (subscriber, #2304) [Link] You mean Roland McGrath's utrace? While incredibly nifty and a long-overdue revamp of the awful ptrace() interface, utrace hasn't been designed as a security enforcement mechanism either :) (however, things like UML are in effect using it as such in any case, so security-hole-inducing bugs in ptrace() *are* likely to get fixed.)
Could allow inclusion of systrace? Posted Mar 26, 2008 18:52 UTC (Wed) by oak (guest, #2786) [Link] > You mean Roland McGrath's utrace? Sorry, yes. I noticed that first/early patch(es) of it have gone to 2.6.25. > (however, things like UML are in effect using it as such in any case, so security-hole-inducing bugs in ptrace() *are* likely to get fixed.) Sounds promising. :-)
|
|||||||||||||