Thread: OpenSolaris equivalent of systrace?
View Single Post
  #7   (View Single Post)  
Old 27th January 2009
DraconianTimes's Avatar
DraconianTimes DraconianTimes is offline
Security Geek
  
Join Date: May 2008
Location: United Kingdom
Posts: 37
Default
Quote:
Originally Posted by Oko View Post
That is lame. Can't you do last to things just withe permissions? Even with
the root access the last two goals can be easily accomplished in BSD world with flags and
kernel security levels. First one looks to me could be easily done with PF.
Regarding your first point, PF can control access to 80/tcp, but that is system wide - It won't let me tie it down to a specific application.
As for security levels, IIRC the OpenBSD team had actually dismissed them. I haven't got the link to hand, but there were a couple of interviews with senior devs who had said the concept was flawed.

I'll try to dig out the links when I get home tonight.

Cheers.

UPDATE 2009-01-27 2205Z

Here's the link regarding secure levels: http://www.theregister.co.uk/2006/01...evel_bsd_unix/
Last edited by DraconianTimes; 27th January 2009 at 10:07 PM. Reason: update info
Reply With Quote