Subject: Re: systrace features?
To: None <>
From: Charles Blundell <>
List: tech-security
Date: 09/30/2003 08:26:40
on Mon, Sep 29, 2003 at 12:32:50PM -0400, Niels Provos wrote:
> Fault injection to test error handling is a very useful.  However,
> I do not think that it should be part of systrace proper.  Currently,
> systrace already allows you to specify a separate frontend.  In the
> past, I have written simple shell scripts to introduce random faults
> in system calls using Systrace.  Just do something like
>   systrace -g ./faultinjectionwrapper cat /etc/myname

Cunning. Ok. scratch -r in systrace.

> > Terminating a process when a system call not in its policy is
> > attempted (only for unsupervised processes.) May help with policy
> > probing attacks, and the problem noted above with kill.
> That may be useful.  A kill action by itself may be good, too.

okiedokie. The patch included some modifications which would make a kill
action easier too. I'll do this when I have a bit more time.