Subject: Re: systrace features?
To: Daniel Carosone <>
From: Charles Blundell <>
List: tech-security
Date: 09/24/2003 10:51:33
on Wed, Sep 24, 2003 at 07:30:25PM +1000, Daniel Carosone wrote:
> I was thinking something more like (in the policy)
>   netbsd-fswrite: filename eq "/etc/master.passwd" then kill
> or even
>   netbsd-connect: sockaddr match "/tmp/.X11-unix/* then signal SIGSTOP

Hm, if you're running a process with:
	systrace -ak blah
why have netbsd-fswrite for /etc/master.passwd at all?
> I'm not sure there are enough signals that would really be interesting
> enough to be worth implementing the latter mechanism, but it's an
> idea to consider.

As David suggested, there could be something useful in a core dump,
but I am not so sure about specifying this per explicit policy rule.