Systrace

Original author(s): Niels Provos
Stable release: 1.6g / March 15, 2009
Operating system: Unix-like
Type: Computer security
License: BSD-like
Website: www.citi.umich.edu/u/provos/systrace/

Systrace is a computer security utility which limits an application's access to the system by enforcing access policies for system calls. This can mitigate the effects of buffer overflows and other security vulnerabilities. It was developed by Niels Provos and runs on various Unix-like operating systems.

Systrace is particularly useful when running untrusted or binary-only applications and provides facilities for privilege elevation on a system call basis, helping to eliminate the need for potentially dangerous setuid programs. It also includes interactive and automatic policy generation features, to assist in the creation of a base policy for an application.
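
The two ideas above, per-call policy enforcement and automatic generation of a base policy from an observed run, shown as a simplified model. This is an added example, not Systrace code, and it does not use Systrace's policy syntax; the traces, rule tuples, function names and the deny-by-default behaviour are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed trace of (syscall, argument) pairs from a training run of a
# hypothetical daemon. Not output from a real Systrace session.
TRAINING_TRACE = [
    ("open", "/etc/resolv.conf"),
    ("open", "/usr/lib/libc.so"),
    ("open", "/usr/lib/libssl.so"),
    ("bind", "inet-0.0.0.0:53"),
    ("open", "/etc/resolv.conf"),
]

# Constructed trace of the same daemon after a memory-corruption bug has
# been triggered and it starts making calls it never made in training.
SUSPECT_TRACE = [
    ("open", "/usr/lib/libz.so"),
    ("execve", "/bin/sh"),
    ("open", "/etc/master.passwd"),
]

def generate_policy(trace, generalize=()):
    """Build a base policy: one permit rule per distinct observed call.
    Arguments matching a glob in `generalize` are widened to that glob,
    standing in for the step where a human reviews the generated rules."""
    rules = []
    for syscall, arg in trace:
        glob = next((g for g in generalize if fnmatchcase(arg, g)), None)
        rule = (syscall, "match", glob, "permit") if glob else (syscall, "eq", arg, "permit")
        if rule not in rules:
            rules.append(rule)
    return rules

def decide(policy, syscall, arg):
    """First matching rule wins; uncovered calls are denied (model assumption)."""
    for name, op, value, action in policy:
        hit = arg == value if op == "eq" else fnmatchcase(arg, value)
        if name == syscall and hit:
            return action
    return "deny"

def blocked_calls(policy, trace):
    """Return the calls in `trace` that the policy would refuse."""
    return [(s, a) for s, a in trace if decide(policy, s, a) == "deny"]

if __name__ == "__main__":
    policy = generate_policy(TRAINING_TRACE, generalize=("/usr/lib/*",))
    for call in blocked_calls(policy, SUSPECT_TRACE):
        print("deny", *call)
```

The library load that was never seen in training is still permitted because the reviewed rule was widened to a glob, while the unseen `execve` and password-file read fall through to the default deny.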

Systrace used to be integrated into OpenBSD, but was removed in April 2016.[1][2] It is available for Linux and Mac OS X, although the OS X port is currently unmaintained. It was removed from NetBSD at the end of 2007 due to several unfixed implementation issues. As of version 1.6f, Systrace supports 64-bit Linux 2.6.1 via a kernel patch.

Features

Systrace supports the following features:

Vulnerability history

Systrace has had some vulnerabilities in the past, including:

References

  1. Unangst, Ted (25 April 2016). "boom goes the dynamite". openbsd-cvs (Mailing list). Retrieved 17 May 2016.
  2. Unangst, Ted (25 April 2016). "remove systrace". openbsd-cvs (Mailing list). Retrieved 17 May 2016.
This article is issued from Wikipedia - version of the 10/31/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.