Subject: Re: systrace features?
To: David Maxwell <email@example.com>
From: Daniel Carosone <firstname.lastname@example.org>
Date: 09/24/2003 18:11:58
On Tue, Sep 23, 2003 at 10:00:08PM -0400, David Maxwell wrote:
> > Terminating a process when a system call not in its policy is
> > attempted (only for unsupervised processes.) May help with policy
> > probing attacks, and the problem noted above with kill.
> I can't think of a good use case for this yet - besides DoSing yourself.
> Perhaps if you could make sure the process would leave a core file
> around it would be useful for debugging.
If you really know exactly what a process should be doing, and have
written a policy to match, and the process starts doing something,
it has gone rogue. Make it stop.
Take something like racoon as an example systrace'd application.
I can use systrace to alleviate general concerns about a running-as-root
network-listener being taken over and, say, overwriting my init
with a trojan. Trying to prevent a compromised racoon (under the
control of a sophisticated attacker) from using netkey to create
inappropriate SAD entries isn't really practical - but if the
attacker gives himself away exploring what he can do...