Network Security Vuln-Dev

Systrace 1.6: Phoenix Release

Subject: Systrace 1.6: Phoenix Release
Date: Fri, 24 Mar 2006 22:16:29 -0800
It's been a while since my last post to Bugtraq and it's been over
three years since I first announced Systrace.  Here is:

Systrace 1.6: Phoenix Release
---------------------------------------

You all know that Systrace ships by default with OpenBSD and NetBSD.
However, Linux adoption has been hindered by our inability to get
our system call interposition interface integrated into the
kernel.  To make at least some of Systrace available to users who do
not want to patch their kernel, I recently took some time to implement
a Ptrace-based backend.  It's not complete yet but does not require
any kernel changes and many applications work just fine with it.

A quick reminder of what Systrace provides:

  - confinement of complex or untrusted binary applications.
  - interactive policy generation with graphical user interface.
  - support for different emulations:
       GNU/Linux, BSDI, etc.
  - non-interactive policy enforcement.
  - remote monitoring and intrusion detection.
  - automatic policy generation.
  - privilege elevation: no more suid binaries on your system.

Just to be clear, Systrace is not and does not want to be a MAC system.
However, it works great for securing your honeypot, experimenting
with malware, removing suid binaries from your system, etc.

Here is what a ptrace-based backend cannot provide:
  - tight security: a clever attacker can escape some of the sandbox
    by using cooperating threads to bypass the monitor.
  - performance: ptrace is very slow compared to native Systrace
    support in the kernel.
  - transparency: ptrace is very intrusive.  Child status waiting,
    process groups, signal masking, etc. need to be emulated in userland.
    Yuck.
  - privilege elevation: not possible with ptrace.
  - running binaries under emulation.

In any case, give Systrace a spin:

  http://www.citi.umich.edu/u/provos/systrace/systrace-1.6.tar.gz - main sandbox
  http://www.citi.umich.edu/u/provos/systrace/gtk-systrace-2003-06-23.tar.gz - graphical frontend

You can find more information at

  http://www.citi.umich.edu/u/provos/systrace/

If you like Systrace, install Marius Eriksen's excellent kernel
patches for Linux:

  http://www.citi.umich.edu/u/provos/systrace/linux.html

Regards,
  Niels Provos.
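The two features the announcement leans on, non-interactive policy enforcement and automatic policy generation, as an added example that is not part of the original post and not code from the Systrace release: a small Python evaluator for a rule language modelled on the systrace(1) policy syntax. The grammar below is a simplified assumption (single predicate per rule, no `and`/`or`), the attribute names `filename` and `sockaddr`, the sample policy and the trace used to generate a policy are all constructed for this example.

```python
"""Simplified Systrace-style policy evaluation (added example, not Systrace code).

Assumed grammar, one rule per line, modelled on systrace(1) policies:
    <emulation>-<syscall>: <attr> (eq|match|sub|re) "<value>" then <action>
    <emulation>-<syscall>: true then <action>
    <emulation>-<syscall>: <action>
where <action> is permit, ask, deny or deny[<errno>].  Rules are tried in
order and the first match decides; a call no rule matches falls back to a
default ("ask" when a user is present, which non-interactive enforcement
turns into deny).
"""
import fnmatch
import re
import shlex
from typing import Dict, List, NamedTuple, Optional, Tuple

RULE_RE = re.compile(
    r"^(?P<name>[\w-]+):\s*"
    r"(?:(?P<pred>.+?)\s+then\s+)?"
    r"(?P<action>permit|ask|deny(?:\[(?P<errno>\w+)\])?)\s*$"
)


class Rule(NamedTuple):
    syscall: str            # e.g. "native-fsread"
    attr: Optional[str]     # argument the predicate inspects; None = unconditional
    op: Optional[str]       # eq / match / sub / re
    value: Optional[str]
    action: str             # permit / deny / ask
    errno: Optional[str]    # errno name returned to the process on deny


def parse_policy(text: str) -> List[Rule]:
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("Policy:"):
            continue  # comments and the "Policy: <binary>, Emulation: <emu>" header
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"cannot parse rule: {line!r}")
        attr = op = value = None
        pred = m.group("pred")
        if pred and pred != "true":
            toks = shlex.split(pred)  # shlex handles the quoted value
            if len(toks) != 3 or toks[1] not in ("eq", "match", "sub", "re"):
                raise ValueError(f"unsupported predicate: {pred!r}")
            attr, op, value = toks
        action = m.group("action").split("[")[0]
        rules.append(Rule(m.group("name"), attr, op, value, action, m.group("errno")))
    return rules


def _pred_holds(rule: Rule, args: Dict[str, str]) -> bool:
    if rule.attr is None:
        return True
    actual = args.get(rule.attr)
    if actual is None:
        return False
    if rule.op == "eq":
        return actual == rule.value
    if rule.op == "match":
        return fnmatch.fnmatchcase(actual, rule.value)   # shell-style glob
    if rule.op == "sub":
        return rule.value in actual                       # substring
    return re.search(rule.value, actual) is not None      # regular expression


def evaluate(rules: List[Rule], syscall: str, args: Dict[str, str],
             default: str = "ask") -> Tuple[str, Optional[str]]:
    """Return (action, errno) for one system call; first matching rule wins."""
    for r in rules:
        if r.syscall == syscall and _pred_holds(r, args):
            return (r.action, r.errno)
    return (default, None)


def generate_policy(trace: List[Tuple[str, Dict[str, str]]]) -> str:
    """Automatic policy generation: permit exactly what a recorded run did."""
    seen, lines = set(), []
    for syscall, args in trace:
        if len(args) == 1:  # pin the single inspected argument with an eq predicate
            (attr, val), = args.items()
            rule = f'{syscall}: {attr} eq "{val}" then permit'
        else:
            rule = f"{syscall}: permit"
        if rule not in seen:
            seen.add(rule)
            lines.append(rule)
    return "\n".join(lines)


# Constructed sample policy in the assumed syntax.
POLICY = """\
Policy: /bin/ls, Emulation: native
    native-fsread: filename eq "/etc/malloc.conf" then permit
    native-fsread: filename match "/usr/*" then permit
    native-fsread: filename sub "/.ssh/" then deny[eacces]
    native-fswrite: filename eq "/dev/tty" then permit
    native-connect: sockaddr match "inet-*:22" then permit
    native-fstat: permit
    native-execve: true then deny[eperm]
"""

# Constructed trace of a recorded run, as a learning mode would collect it.
TRACE = [
    ("native-fsread", {"filename": "/etc/passwd"}),
    ("native-fsread", {"filename": "/etc/passwd"}),
    ("native-fstat", {}),
]

if __name__ == "__main__":
    rules = parse_policy(POLICY)
    for call, args in [("native-fsread", {"filename": "/usr/lib/libc.so"}),
                       ("native-fsread", {"filename": "/home/u/.ssh/id_rsa"}),
                       ("native-fswrite", {"filename": "/etc/passwd"})]:
        print(call, args, "->", evaluate(rules, call, args, default="deny"))
    print(generate_policy(TRACE))
```

The evaluator sees the path a monitor handed it and nothing else. With the in-kernel backend that path is the one the kernel goes on to use; with the ptrace backend the monitor reads the path out of the traced process's memory and the kernel re-reads it afterwards, which is the gap behind the "cooperating threads" caveat in the post, and the reason the same policy gives weaker guarantees under ptrace than under the kernel patches.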
