systrace + selinux + fedora core 4ish? - selinux - Fedora Mailing-Lists

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

systrace + selinux + fedora core 4ish?

FEDORA CORE 3.0 MANUAL

SELinux on CentOS 3.4?

Justin Conover

Monday, 17 January 2005 Mon, 17 Jan '05

9:03 p.m.

http://www.systrace.org/ http://www.citi.umich.edu/u/provos/systrace/linux.html Anybody, seen/use systrace on FC? What are your thoughts about using/adding it to FC?

From reading a bit about it, looks to be a very good/useful tool and

was wondering what others thought about it?

Reply

Show replies by date

Colin Walters

Monday, 17 January Mon, 17 Jan

9:36 p.m.

On Mon, 2005-01-17 at 21:03 -0600, Justin Conover wrote:

http://www.systrace.org/ http://www.citi.umich.edu/u/provos/systrace/linux.html Anybody, seen/use systrace on FC? What are your thoughts about using/adding it to FC? >From reading a bit about it, looks to be a very good/useful tool and was wondering what others thought about it?

My opinion is that it is essentially an inferior implementation of much of the functionality SELinux provides. It does have some additional features like the dynamic privilege elevation that seem possibly useful, but I don't think it makes sense to use systrace just for that. For example, from the "usr_sbin_httpd" policy: (http://www.citi.umich.edu/u/provos/systrace/usr_sbin_httpd): native-kill: permit As far as I can tell, this rule permits the "unprivileged" httpd to kill any other process it wants with the same uid, and should the root portion be compromised, any process can be killed. The language just doesn't allow you to express anything more fine-grained like the SELinux TE language does.

Reply

Valdis.Kletnieks＠vt.edu

Tuesday, 18 January Tue, 18 Jan

1:43 a.m.

On Mon, 17 Jan 2005 22:36:51 EST, Colin Walters said:

My opinion is that it is essentially an inferior implementation of much of the functionality SELinux provides. It does have some additional features like the dynamic privilege elevation that seem possibly useful, but I don't think it makes sense to use systrace just for that.

I admit not having read the Systrace stuff yet. Are there any features that SELinux would benefit from implementing similar functionality?

Reply

Stephen Smalley

8:08 a.m.

On Mon, 2005-01-17 at 22:03, Justin Conover wrote:

http://www.systrace.org/ http://www.citi.umich.edu/u/provos/systrace/linux.html Anybody, seen/use systrace on FC? What are your thoughts about using/adding it to FC? >From reading a bit about it, looks to be a very good/useful tool and was wondering what others thought about it?

Providing security via system call interception and making security decisions based on pathnames considered harmful to security; see the Flask paper available from http://www.nsa.gov/selinux/papers/flask-abs.cfm. Sadly, the systrace site acknowledges the Flask paper, but misses the point entirely... -- Stephen Smalley <sds(a)epoch.ncsc.mil> National Security Agency

Reply

7035

days inactive

7035

days old

selinux@lists.fedoraproject.org

Manage subscription

3 comments

4 participants

tags (0)

participants (4)

Colin Walters
Justin Conover
Stephen Smalley
Valdis.Kletnieks＠vt.edu