Quote:
Originally Posted by Oko
...there has been no work on systrace in past 3-4 years.
2.5 years. Integration of systrace 1.6d occurred July '06. (1.6f was announced this month).
The developer, Niels Provos, stated in response to security questions:
Quote:
Just keep in mind that ptrace has not been designed as a security primitive and while the ptrace backend can restrict the behavior of programs in non-adversarial settings, there are many ways to circumvent it.
Systrace was indeed an interesting application security management tool; but with the demise of the Hairy Eyeball project, general-purpose interest waned.
It's still used within OpenBSD, particularly for port development. I wouldn't develop a port, or submit one for the tree unless the port build was protected and tested with USE_SYSTRACE=Yes.