Subject: Re: Privilege Elevation with systrace
To: Simon J. Gerraty <>
From: Niels Provos <>
List: current-users
Date: 10/12/2002 08:31:51
On Sat, Oct 12, 2002 at 01:16:55AM -0700, Simon J. Gerraty wrote:
> I'm not familiar with systrace, but I _hope_ the policy can be more 
> specific than that? 
> The above looks like it would allow any program to open raw sockets
> "as root".  Just what I'd need if wanting to run rawpkt or whatever to
> spew fordged packets into the net ;-)
I suggest that you read the man page and study the web page to get
some more background information on the usage of systrace.  Have a
look at

Of course, policies are program specific, and privilege elevation is
used to allow a single system call to run as e.g. root instead of the
whole process.