Tuesday, February 08, 2005

systrace in OpenBSD

Just thought I'd mention a nice sample chapter from Secure Architectures with OpenBSD that's been posted online.

It serves as a nice beginners' tutorial for all you systrace n00bs out there. Excerpt:

The OpenBSD default system comes with a policy enforcement tool named systrace, which provides a way to monitor, intercept, and restrict system calls. The systrace facility acts as a wrapper to the executables, shepherding their traversal of the system call table. The systrace facility then intercepts the system calls and, using the systrace device, processes them through the kernel and handles the system calls.

Getting started with systrace is quite easy. You can run your programs under systrace, generate policies based on the observed behavior, and then enforce this policy on the program in subsequent runs. There are, however, two problems with this approach:
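To make the generate-then-enforce workflow concrete, here is an added Python model of it (example code written for this post, not from the book, from OpenBSD, or from the real systrace implementation). It handles only a small subset of systrace's policy syntax (`native-<call>: permit`, `native-<call>: filename eq|match "..." then permit`, `deny[errno]`, `ask`), uses Python's `fnmatch` as a stand-in for systrace's own pattern matching, and the observed syscall events and the hand-edited policy are constructed sample data. First-match-wins ordering and the `ask` default (which `systrace -a` turns into deny for anything the policy does not cover) are modelled as assumptions about the real tool's behaviour.

```python
"""Toy model of systrace's generate-then-enforce workflow (added example,
not OpenBSD/systrace code). It parses a subset of the policy syntax:

    native-fsread: filename eq "/etc/passwd" then permit
    native-fsread: filename match "/usr/lib/*" then permit
    native-connect: deny[eperm]
    native-fstat: permit
"""
import fnmatch
import re
from dataclasses import dataclass
from typing import Optional

# One rule per line; the optional "filename eq|match "..." then" clause
# narrows the rule to matching paths (subset of real systrace conditions).
LINE_RE = re.compile(
    r'^(?P<emul>\w+)-(?P<call>\w+):\s*'
    r'(?:filename\s+(?P<op>eq|match)\s+"(?P<arg>[^"]*)"\s+then\s+)?'
    r'(?P<action>permit|deny(?:\[(?P<errno>\w+)\])?|ask)\s*$'
)


@dataclass
class Rule:
    call: str
    op: Optional[str]     # 'eq', 'match', or None for an unconditional rule
    arg: Optional[str]    # the quoted filename or pattern, if any
    action: str           # 'permit', 'deny' or 'ask'
    errno: Optional[str]  # errno name from deny[...], if given


def parse_policy(text: str) -> list:
    """Parse policy text into an ordered list of Rule objects."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('Policy:'):   # skip blanks and header
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f'unparseable rule: {line!r}')
        rules.append(Rule(m['call'], m['op'], m['arg'],
                          m['action'].split('[')[0], m['errno']))
    return rules


def rule_matches(rule: Rule, call: str, filename: Optional[str]) -> bool:
    if rule.call != call:
        return False
    if rule.op is None:          # unconditional rule for this syscall
        return True
    if filename is None:         # conditional rule but no path argument
        return False
    if rule.op == 'eq':
        return filename == rule.arg
    return fnmatch.fnmatchcase(filename, rule.arg)   # stand-in for systrace's matcher


def evaluate(rules: list, call: str, filename: Optional[str] = None,
             default: str = 'ask') -> str:
    """First matching rule wins (assumed ordering); unmatched calls get `default`."""
    for r in rules:
        if rule_matches(r, call, filename):
            return r.action
    return default


def generate_policy(observed: list, name: str = '/bin/ls') -> str:
    """Build a permit-only policy from observed (call, filename) events,
    the way automatic policy generation records what a run was seen to do."""
    lines = [f'Policy: {name}, Emulation: native']
    seen = set()
    for call, filename in observed:
        if filename is None:
            rule = f'\tnative-{call}: permit'
        else:
            rule = f'\tnative-{call}: filename eq "{filename}" then permit'
        if rule not in seen:     # one rule per distinct observation
            seen.add(rule)
            lines.append(rule)
    return '\n'.join(lines) + '\n'


# Constructed sample data: what a first, observed run might have done...
OBSERVED = [('fsread', '/etc/ld.so.cache'), ('fstat', None),
            ('fsread', '/etc/ld.so.cache'), ('mmap', None)]

# ...and a hand-edited policy with a wildcard rule and an explicit deny.
SAMPLE_POLICY = """Policy: /bin/ls, Emulation: native
\tnative-fsread: filename eq "/etc/passwd" then permit
\tnative-fsread: filename match "/usr/lib/*" then permit
\tnative-connect: deny[eperm]
\tnative-fstat: permit
"""

if __name__ == '__main__':
    generated = generate_policy(OBSERVED)
    print(generated)
    rules = parse_policy(generated)
    # A later run touching a file never observed is not covered by the policy:
    print(evaluate(rules, 'fsread', '/etc/passwd'))                  # ask
    print(evaluate(rules, 'fsread', '/etc/passwd', default='deny'))  # deny (automatic mode)
```

The two problems the excerpt is about to raise both show up in this model: a generated policy only covers what the observed run happened to do (so a later, legitimate code path ends in `ask` or, under automatic enforcement, `deny`), and the `eq`-only rules it emits are so literal that a practitioner usually has to hand-edit them into `match` rules as in `SAMPLE_POLICY`.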


