Subject: Re: systrace features?
To: Daniel Carosone <email@example.com>
From: Charles Blundell <firstname.lastname@example.org>
Date: 09/24/2003 10:51:33

On Wed, Sep 24, 2003 at 07:30:25PM +1000, Daniel Carosone wrote:
> I was thinking something more like (in the policy)
> netbsd-fswrite: filename eq "/etc/master.passwd" then kill
> or even
> netbsd-connect: sockaddr match "/tmp/.X11-unix/*" then signal SIGSTOP

Hm, if you're running a process with:

    systrace -ak blah

why have netbsd-fswrite for /etc/master.passwd at all?

> I'm not sure there are enough signals that would really be interesting
> enough to be worth implementing the latter mechanism, but it's an
> idea to consider.
As David suggested, there could be something useful in a core dump,
but I am not so sure about specifying this per explicit policy rule.