From marius at umich.edu Sat May 1 10:11:32 2004
From: marius at umich.edu (marius aamodt eriksen)
Date: Sat May 1 10:11:32 2004
Subject: [Systrace] Re: [christian.giambalvo@web.de: Kernel 2.6]
In-Reply-To: <20040429115705.GU2957@citi.citi.umich.edu>
References: <20040429115705.GU2957@citi.citi.umich.edu>
Message-ID: <20040501141132.GB14584@umich.edu>

> ----- Forwarded message from Giambalvo Christian -----
>
> Systrace is genial. It's just what I need to secure my machine. I would like
> to use systrace with kernel 2.6.5-r1. Can you tell when there is a new
> version of systrace for kernel 2.6.5 ?

most likely, the 2.6.1 patch will apply cleanly to 2.6.5. try that
first. if it does not, let me know, and i'll look into it.

marius.

--
marius a eriksen | http://www.citi.umich.edu/u/marius/

From ray at cyth.net Tue May 11 07:53:07 2004
From: ray at cyth.net (Ray)
Date: Tue May 11 18:43:02 2004
Subject: [Systrace] Replacing suid programs
Message-ID: <20040511115307.GA9051@cybertron.cyth.net>

Hi,

I'm trying to set up a completely systraced system, but I can't figure
out how to get suid programs to run without suid. In order to run suid
programs properly I'd need privilege elevation, which requires root to
run it to begin with. Without suid, the only time I can run something
as root would be to either log in as root, which is obviously out of
the question, or log in through a daemon that was systraced from rc.
That means xdm, sshd, and even inetd are possible. However, that
leaves local console users out. How does everybody else do it?

Thanks.

-Ray-

From ray at cyth.net Fri May 28 11:14:22 2004
From: ray at cyth.net (Ray)
Date: Fri May 28 11:53:36 2004
Subject: [Systrace] `execve: permit' automatically inherits?
Message-ID: <20040528151422.GA8263@cybertron.cyth.net>

Hi,

Having a rule `execve: permit' seems to automatically inherit (it
acts just like `execve: true then permit[inherit]').
`execve: true then permit' doesn't have this problem. Is this
expected?

-Ray-

From provos at citi.umich.edu Fri May 28 11:55:22 2004
From: provos at citi.umich.edu (Niels Provos)
Date: Fri May 28 11:55:15 2004
Subject: [Systrace] `execve: permit' automatically inherits?
In-Reply-To: <20040528151422.GA8263@cybertron.cyth.net>
References: <20040528151422.GA8263@cybertron.cyth.net>
Message-ID: <20040528155522.GE22379@citi.citi.umich.edu>

On Fri, May 28, 2004 at 11:14:22AM -0400, Ray wrote:
> Having a rule `execve: permit' seems to automatically inherit (it
> acts just like `execve: true then permit[inherit]').
> `execve: true then permit' doesn't have this problem. Is this
> expected?

execve: permit means that the kernel will just execute any execve()
system call and not even consult Systrace about it. At that point,
Systrace does not know that new binaries are executed. So, for
execve, you always need to specify a rule, the simplest one would be:

    execve: true then permit

Niels.
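
A small policy lint for the point made in the last reply, as an added example that is not part of the original thread or of Systrace itself: it flags execve rules written as a bare `permit` and proposes the `true then permit` form. The `Policy:` header shape, the `emulation-syscall:` rule shape, the `#` comment handling and the sample policy are assumptions constructed for illustration.

```python
import re

# Assumed line shapes: "Policy: <path>, Emulation: <name>" headers and
# "[emulation-]syscall: body" rules, e.g. "native-execve: true then permit"
# or the short "execve: permit" form quoted in the thread.
HEADER = re.compile(r'^\s*Policy:\s*(?P<path>[^,]+)')
RULE = re.compile(r'^\s*(?:(?P<emul>[\w.]+)-)?(?P<syscall>\w+)\s*:\s*(?P<body>.+?)\s*$')

def lint_policy(text):
    """Return (line_no, policy_path, rule, suggested_rule) for every execve
    rule whose body is a bare 'permit', which the kernel applies without
    consulting Systrace, so later executions go unseen by the monitor."""
    findings = []
    policy = None
    for line_no, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith('#'):   # blank or comment line
            continue
        header = HEADER.match(raw)
        if header:
            policy = header.group('path').strip()
            continue
        rule = RULE.match(raw)
        if not rule or rule.group('syscall') != 'execve':
            continue
        if rule.group('body') == 'permit':
            prefix = f"{rule.group('emul')}-" if rule.group('emul') else ''
            findings.append((line_no, policy, stripped,
                             f"{prefix}execve: true then permit"))
    return findings

# Constructed sample policy (not taken from any real system).
SAMPLE_POLICY = """\
Policy: /usr/local/bin/example, Emulation: native
    native-fsread: filename eq "/etc/example.conf" then permit
    native-execve: permit
    native-exit: permit
Policy: /usr/local/bin/other, Emulation: native
    execve: true then permit
"""

if __name__ == '__main__':
    for line_no, policy, rule, fix in lint_policy(SAMPLE_POLICY):
        print(f"line {line_no} [{policy}]: '{rule}' -> use '{fix}'")
```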