Subject: Re: Privilege Elevation with systrace
To: Simon J. Gerraty <sjg@crufty.net>
From: Niels Provos <provos@citi.umich.edu>
List: current-users
Date: 10/12/2002 08:31:51

On Sat, Oct 12, 2002 at 01:16:55AM -0700, Simon J. Gerraty wrote:
> I'm not familiar with systrace, but I _hope_ the policy can be more 
> specific than that? 
> The above looks like it would allow any program to open raw sockets
> "as root".  Just what I'd need if wanting to run rawpkt or whatever to
> spew forged packets into the net ;-)

I suggest that you read the man page and study the web page to get
some more background information on the usage of systrace.  Have a
look at

  http://www.citi.umich.edu/u/provos/systrace/

Of course, policies are program specific, and privilege elevation is
used to allow a single system call to run as e.g. root instead of the
whole process.

Niels.