lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 24 Mar 2006 22:16:29 -0800
From: "Niels Provos" <provos@...i.umich.edu>
To: bugtraq@...urityfocus.com
Subject: Systrace 1.6: Phoenix Release


It's been a while since my last post to Bugtraq and it's been over
three years since I first announced Systrace.  Here is:

Systrace 1.6: Phoenix Release
---------------------------------------

You all know that Systrace ships by default with OpenBSD and NetBSD. 
However, Linux adoption has been hindered due to our inability of
getting our system call interposition interface integrated into the
kernel.  To make at least some of Systrace available to users who do
not want to patch their kernel, I recently took some time to implement
a Ptrace-based backend.  It's not complete yet but does not require
any kernel changes and many applications work just fine with it.

A quick reminder of what Systrace provides

  - confinement of complex or untrusted binary applications.
  - interactive policy generation with graphical user interface.
  - support for different emulations:
       GNU/Linux, BSDI, etc..
  - non-interactive policy enforcement.
  - remote monitoring and intrusion detection.
  - automatic policy generation.
  - privilege elevation: no more suid binaries on your system

Just to be clear Systrace is not and does not want to be a MAC system.
 However, it works great for securing your honeypot, experimenting
with malware, removing suid binaries from your system, etc.

Here is what a ptrace-based backend cannot provide:
  - tight security: a clever attacker can escape some of the sandbox
by using cooperating threads to bypass the monitor.
  - performance: ptrace is very slow compared to native Systrace
support in the kernel
  - transparency: ptrace is very intrusive.  child status waiting,
process groups, signal masking, etc. need to be emulated in userland. 
Yuck.
  - privilege elevation: not possible with ptrace
  - running binaries under emulation

In any case, give Systrace a spin:

 http://www.citi.umich.edu/u/provos/systrace/systrace-1.6.tar.gz - main sandbox
  http://www.citi.umich.edu/u/provos/systrace/gtk-systrace-2003-06-23.tar.gz
- graphical frontend

You can find more information at

  http://www.citi.umich.edu/u/provos/systrace/

If you like Systrace, install Marius Eriksen's excellent kernel
patches for Linux:

  http://www.citi.umich.edu/u/provos/systrace/linux.html

Regards,
  Niels Provos.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ