Am 18.03.2009 um 22:37 schrieb Christos Zoulas:
What are you using systrace for?
Restricting the syscalls programs can do so if they start to do strange things, they can't impact the system. For example, if my torrent client should not be able to write to any other path and ~/ torrent.
This does two nice things at once: It stops programs that gone wild and it stops exploited programs (yes, I know, it's not a way to say "Hey, I'm save, if that program's exploited, it can't do anything bad!" - it's just an extra security for the time until you update to a fixed version of the package. It doesn't fix the problem, I know, but it makes it harder to exploit, which is a good thing.)
-- Jonathan
Attachment:
PGP.sig
Description: Signierter Teil der Nachricht