Bug#363633: RFP: systrace -- Interactive Policy Generation for System Calls

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#363633: RFP: systrace -- Interactive Policy Generation for System Calls
From: Sam Morris <sam@robots.org.uk>
Date: Thu, 20 Apr 2006 01:39:14 +0100
Message-id: <[🔎] E1FWNCU-0006FX-Ca@xerces>
Reply-to: Sam Morris <sam@robots.org.uk>, 363633@bugs.debian.org

Package: wnpp
Severity: wishlist

  Package name    : systrace
  Version         : 1.6c
  Upstream Author : Niels Provos
  URL             : http://www.citi.umich.edu/u/provos/systrace/
  License         : BSD
  Description     : Interactive Policy Generation for System Calls

Systrace enforces system call policies for applications by
constraining the application's access to the system. The
policy is can be generated interactively; operations not covered
by the policy raise an alarm and allow an user to refine the
currently configured policy, or deny the unauthorised operation.

 * Confines untrusted binary applications
 * Interactive policy generation with optional graphical interface
 * Non-interactive policy enforcement
 * System call argument rewriting
 * Remote monitoring and intrusion detection

Systrace has two backends; one of them requires a kernel patch. The
other backend uses the ptrace system call. It is slower and not as
feature-full as the kernel backend.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (530, 'testing'), (520, 'unstable'), (510, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.16-1-k7
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Reply to:

Prev by Date: Bug#285163: marked as done (ITA: music123 -- A command-line shell for sound-file)
Next by Date: Bug#363581: ITP: tremulous -- Team based FPS game with elements of an RTS
Previous by thread: Bug#285163: marked as done (ITA: music123 -- A command-line shell for sound-file)
Next by thread: Bug#287804: New sim package (based on sim-im) ready
Index(es):
- Date
- Thread