26th January 2009
jggimi

Quote:
Originally Posted by Oko
...there has been no work on systrace in past 3-4 years.
2.5 years. Integration of systrace 1.6d occurred July '06. (1.6f was announced this month).

The developer, Niels Provos, stated in response to security questions
Quote:
Just keep in mind that ptrace has not been designed as a security primitive and while the ptrace backend can restrict the behavior of programs in non-adversarial settings, there are many ways to circumvent it.
Systrace was indeed an interesting application security management tool; but with the demise of the Hairy Eyeball project, general-purpose interest waned.

It's still used within OpenBSD, particularly for port development. I wouldn't develop a port, or submit one for the tree unless the port build was protected and tested with USE_SYSTRACE=Yes.

Last edited by jggimi; 26th January 2009 at 06:27 PM.