From owner-freebsd-hackers  Wed May 29 19:58:31 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from mailout07.sul.t-online.com (mailout07.sul.t-online.com [194.25.134.83])
	by hub.freebsd.org (Postfix) with ESMTP id AC71937B401
	for <freebsd-hackers@freebsd.org>; Wed, 29 May 2002 19:58:25 -0700 (PDT)
Received: from fwd11.sul.t-online.de 
	by mailout07.sul.t-online.com with smtp 
	id 17DG8u-0002fB-02; Thu, 30 May 2002 04:58:24 +0200
Received: from no-support.loc (520094253176-0001@[80.130.220.233]) by fmrl11.sul.t-online.com
	with esmtp id 17DG8t-0a1xK4C; Thu, 30 May 2002 04:58:23 +0200
Received: from frolic.no-support.loc (localhost.no-support.loc [127.0.0.1])
	by no-support.loc (8.12.3/8.12.3) with ESMTP id g4U2wIZw004402
	for <freebsd-hackers@FreeBSD.ORG>; Thu, 30 May 2002 04:58:18 +0200 (CEST)
	(envelope-from bjoern@frolic.no-support.loc)
Received: (from bjoern@localhost)
	by frolic.no-support.loc (8.12.3/8.12.3/Submit) id g4U2wIUM004401
	for freebsd-hackers@FreeBSD.ORG; Thu, 30 May 2002 04:58:18 +0200 (CEST)
From: Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>
Date: Thu, 30 May 2002 04:58:18 +0200
To: freebsd-hackers@FreeBSD.ORG
Subject: sandboxing untrusted binaries
Message-ID: <20020530025817.GA4390@no-support.loc>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
User-Agent: Mutt/1.3.99i
X-Sender: 520094253176-0001@t-dialin.net
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

Hello,

OpenBSD has a new interesting feature: systrace. It is a system call
policy generator for "sandboxing" untrusted or semi-trusted binaries.

The whole idea looks interesting. The implementation details look
relatively simple (read: not too complicated). Anyone interested in
having a closer look and maybe porting it?

Or I will try to port it myself if at least one core member says:
"Interesting technology, send a patch..."

http://www.citi.umich.edu/u/provos/systrace/

Bj=F6rn Fischer


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message