From owner-freebsd-hackers  Wed May 29 21:55:40 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from rover.village.org (rover.bsdimp.com [204.144.255.66])
	by hub.freebsd.org (Postfix) with ESMTP id E8E8237B410
	for <freebsd-hackers@FreeBSD.ORG>; Wed, 29 May 2002 21:55:23 -0700 (PDT)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.11.3/8.11.3) with ESMTP id g4U4tMY33819;
	Wed, 29 May 2002 22:55:22 -0600 (MDT)
	(envelope-from imp@village.org)
Received: from localhost (warner@rover2.village.org [10.0.0.1])
	by harmony.village.org (8.11.6/8.11.6) with ESMTP id g4U4tLG42041;
	Wed, 29 May 2002 22:55:21 -0600 (MDT)
	(envelope-from imp@village.org)
Date: Wed, 29 May 2002 22:55:01 -0600 (MDT)
Message-Id: <20020529.225501.134206046.imp@village.org>
To: bfischer@Techfak.Uni-Bielefeld.DE
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: sandboxing untrusted binaries
From: "M. Warner Losh" <imp@village.org>
In-Reply-To: <20020530025817.GA4390@no-support.loc>
References: <20020530025817.GA4390@no-support.loc>
X-Mailer: Mew version 2.1 on Emacs 21.1 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

In message: <20020530025817.GA4390@no-support.loc>
            Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE> writes:
: Hello,
: 
: OpenBSD has a new interesting feature: systrace. It is a system call
: policy generator for "sandboxing" untrusted or semi-trusted binaries.
: 
: The whole idea looks interesting. The implementation details look
: relatively simple (read: not too complicated). Anyone interested in
: having a closer look and maybe porting it?
: 
: Or I will try to port it myself if at least one core member says:
: "Interesting technology, send a patch..."
: 
: http://www.citi.umich.edu/u/provos/systrace/

The SecureBSD folks did something similar to an old version of
FreeBSD, but had such a restrictive license that no one ever
investigated merging it into the mainline.

Way cool idea.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message