Date: Thu, 30 May 2002 00:15:02 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE> Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: sandboxing untrusted binaries Message-ID: <20020530001247.F16869-100000@patrocles.silby.com> In-Reply-To: <20020530025817.GA4390@no-support.loc>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 30 May 2002, Bjoern Fischer wrote: > Hello, > > OpenBSD has a new interesting feature: systrace. It is a system call > policy generator for "sandboxing" untrusted or semi-trusted binaries. > > The whole idea looks interesting. The implementation details look > relatively simple (read: not too complicated). Anyone interested in > having a closer look and maybe porting it? > > Or I will try to port it myself if at least one core member says: > "Interesting technology, send a patch..." > > http://www.citi.umich.edu/u/provos/systrace/ > > Bj=F6rn Fischer You might want to talk to Robert Watson and see if the concept overlaps or conflicts with anything he's doing as part of the TrustedBSD project. As long as systrace does not conflict with what he's doing and does not introduce the possibility of new security holes, I'm suspect that a port of the code would not meet much resistance. Go for it! Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020530001247.F16869-100000>