systrace is an OpenBSD tool that allows administrators to monitor, intercept, and restrict system calls. Find out how to get started using systrace in this chapter from ‘Secure Architectures with OpenBSD’.
is there a similar capability in netbsd / freebsd for restricting system calls for an executable?
further, is it possible to set an executable to run as a non-root user and call a set of specified privileged system calls? this would mean that the rest of the executable's system calls that don’t need root privileges don’t need to run as root – particularly useful for modified or compromised binaries.
by the way – i bought the book and it has nothing to do with architectures … it's just a collection of how-tos for some of the security related technologies within openbsd – a sporadic bottom up approach to security – certainly not what the title implies!
so does this mean SUN should start bashing OpenBSD for not having a tracer, much like they bashed Linux for LTT?
so does this mean SUN should start bashing OpenBSD for not having a tracer, much like they bashed Linux for LTT?
______________________________________________________________
This article is about *BSD (OpenBSD), not about:
1) Sun
2) Linux
3) Not Holy Wars
4) Not about anything else
Please leave those antagonistic philosophies outside the forum and let the users of other OS’ have their discussions.
>is there a similar capability in netbsd / freebsd for restricting system calls for an executable?
It is in NetBSD.
And for the uninitiated, this is very similar to the NSD SELinux, except it among others uses *nix group/users, not specialized principals like selinux.
Niels Provos (the guy who created systrace) is now a NetBSD developer and systrace comes included in NetBSD 2.0.
As for NetBSD, see:
http://www.netbsd.org/Releases/formal-2.0/NetBSD-2.0.html#security
“It is in NetBSD.
And for the uninitiated, this is very similar to the NSD SELinux, except it among others uses *nix group/users, not specialized principals like selinux.”
selinux is far more sophisticated and flexible than systrace is. selinux is more comparable to trusted solaris rather than systrace
You can also mention TrustedBSD.
http://www.trustedbsd.org/
I thought most (if not all) enhancements from TrustedBSD were merged into FreeBSD 5.x.
“further, is it possible to set an executable to run as a non-root user and call a set of specified privileged system calls? this would mean that the rest of the executable's system calls that don’t need root privileges don’t need to run as root – particularly useful for modified or compromised binaries.”
Privilege escalation is available.
See the homepage:
Download
Systrace is distributed under a BSD-style license and has been integrated into NetBSD, OpenBSD and OpenDarwin. NetBSD-current contains the most recent Systrace source code. You can use AnonCVS to access it. At the moment, systrace supports native and Linux binaries.
Ports
* GNU/Linux port is finished and kernel patch is maintained actively by Marius Eriksen.
* Mac OS X port is almost complete; currently unmaintained due to lack of hardware.
* FreeBSD port by Rich Murphey; in progress.
http://niels.xtdnet.nl/systrace/
apt-cache search systrace
(or emerge, or …)
How is it different from strace I have in each linux distro?..