On Tue, Sep 23, 2003 at 10:00:08PM -0400, David Maxwell wrote:

> > Terminating a process when a system call not in its policy is
> > attempted (only for unsupervised processes.) May help with policy
> > probing attacks, and the problem noted above with kill.
> 
> I can't think of a good use case for this yet - besides DoSing yourself.
> Perhaps if you could make sure the process would leave a core file
> around it would be useful for debugging.

If you really know exactly what a process should be doing, and have
written a policy to match, and the process starts doing something,
it has gone rogue.  Make it stop.

Take something like racoon as an example systrace'd application.
I can use systrace to alleviate general concerns about a running-as-root
network-listener being taken over and, say, overwriting my init
with a trojan.  Trying to prevent a compromised racoon (under the
control of a sophisticated attacker) from using netkey to create
inappropriate SAD entries isn't really practical - but if the
attacker gives himself away exploring what he can do...

--
Dan.