From james.zheng.li at gmail.com Tue Apr 5 12:06:29 2005
From: james.zheng.li at gmail.com (Zheng Li)
Date: Sun Apr 10 16:52:13 2005
Subject: [Systrace] problem when installing usr-systrace-2004-01-26
Message-ID: <8a239a560504050906e7c9b86@mail.gmail.com>

Hi there,

I tried installing systrace on Fedora Core 1 these days. I successfully rebuilt the 2.4.24 kernel with systrace patch. I downloaded and installed libevent-1.0-2.1.fc1.rf.i386.rpm and libevent-devel-1.0-2.1.fc1.rf.i386.rpm from rpmfind.net

Since the system is not running with devfs, I create the device. The systrace.h is also missing, so I copied it to /usr/include/linux/systrace.h. These two steps are mentioned on systrace website.

Then, I downloaded gtk-systrace-2003-06-23.tar.gz untarred it and successfully installed it.

However, for gtk-systrace-2003-06-23, under systrace-1.5/ after "./configurate" finishes, "make" prompts these error messages:

...
make[2]: Leaving directory `/root/rpms/systrace-1.5'
Making all in regress
make[2]: Entering directory `/root/rpms/systrace-1.5/regress'
gcc -DHAVE_CONFIG_H -I. -I. -I.. -g -O2 -c test_stat.c
gcc -g -O2 -o stat test_stat.o
Performing simple regression tests
nm:	FAILED
uniq:	FAILED
make[2]: *** [regress] Error 1
make[2]: Leaving directory `/root/rpms/systrace-1.5/regress'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/root/rpms/systrace-1.5'
make: *** [all-recursive-am] Error 2

However, for usr-systrace-2003-06-23, I installed it (systrace-1.0) successfully.

Could anybody help me with solving this installation problem?

Thanks a lot!

James

From johnw.mail at gmail.com Sun Apr 10 13:42:16 2005
From: johnw.mail at gmail.com (John Wong)
Date: Sun Apr 10 16:52:13 2005
Subject: [Systrace] setproctitle request
Message-ID:

When I use "my_isp_login_program -u id -p passwd" with systrace, other people using the "ps" command can see my "id/passwd". Can you add something like what "setproctitle()" does in systrace? (I use OpenBSD, thanks!!)

-------------------------------------------------------
--- systrace.c.orig Sat Jan 24 04:51:18 2004 +++ systrace.c Mon Apr 11 01:15:06 2005 @@ -587,44 +587,57 @@ int setcredentials = 0; uid_t cr_uid; gid_t cr_gid; + char title[FILENAME_MAX]; + strlcpy(title, "[ ", sizeof(title)); + while ((c = getopt(argc, argv, "c:aAeituUCd:g:f:p:")) != -1) { switch (c) { case 'c': setcredentials = 1; if (get_uid_gid(optarg, &cr_uid, &cr_gid) == -1) usage(); + strlcat(title, "-c ", sizeof(title)); break; case 'a': if (allow) usage(); automatic = 1; + strlcat(title, "-a ", sizeof(title)); break; case 'd': policypath = optarg; + strlcat(title, "-d ", sizeof(title)); break; case 'e': logstderr = 1; + strlcat(title, "-e ", sizeof(title)); break; case 'A': if (automatic) usage(); allow = 1; + strlcat(title, "-A ", sizeof(title)); break; case 'u': noalias = 1; + strlcat(title, "-u ", sizeof(title)); break; case 'i': inherit = 1; + strlcat(title, "-i ", sizeof(title)); break; case 'g': guipath = optarg; + strlcat(title, "-g ", sizeof(title)); break; case 'C': cradle = 1; + strlcat(title, "-C ", sizeof(title)); break; case 'f': filename = optarg; + strlcat(title, "-f ", sizeof(title)); break; case 'p': if (setcredentials) @@ -633,12 +646,15 @@ warnx("bad pid: %s", optarg); usage(); } + strlcat(title, "-p ", sizeof(title)); break; case 't': usex11 = 0; + strlcat(title, "-t ", sizeof(title)); break; case 'U': userpolicy = 0; + strlcat(title, "-U ", sizeof(title)); break; default: usage(); 
@@ -650,6 +666,11 @@ if (argc == 0 || (pidattach && *argv[0] != '/')) usage(); + + strlcat(title, argv[0], sizeof(title)); + strlcat(title, " ]", sizeof(title)); + + setproctitle(title); systrace_parameters();
------------------------------------------------------

From johannes.nicolai at hpi.uni-potsdam.de Thu Apr 28 03:50:43 2005
From: johannes.nicolai at hpi.uni-potsdam.de (Johannes Nicolai)
Date: Sat Apr 30 20:59:37 2005
Subject: [Systrace] Question regarding the security of systrace
Message-ID: <200504280950.43405.johannes.nicolai@hpi.uni-potsdam.de>

Hi,

I hope that I do not annoy anybody on this list when I ask what you think about:
http://cert.uni-stuttgart.de/archive/bugtraq/2004/03/msg00282.html

I know that Marius has already responded to this claim in:
http://www.monkey.org/openbsd/archive/misc/0403/msg01611.html

I am not a security expert, so I ask you how serious you think the mentioned "bugs" are and if there is any new information about it.

To make my question more precise: I would like to use systrace for the next world championship of RealTimeBattle (http://realtimebattle.sf.net) in order to protect the machine from potentially malicious programs (some competitors only send binary code) that do not only act as robots in the game but also try to do harm or influence other processes.

The robots can only execute a few system calls, communicate with their team mates via Unix Domain Sockets in a special directory and access configuration files in this directory. They won't be allowed to fork or to ptrace (execve is okay).

I wonder whether one can exploit systrace if only this limited set of system calls is allowed at all. Perhaps you can help me with this question.

Thanks in advance

Johannes Nicolai
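
Review bot: in the getopt loop of John Wong's systrace.c patch (hunks @@ -587 and @@ -633), options that take a value (-c, -d, -g, -f, -p) add only their flag letter to the title, so a run with -d and -f yields a title such as "[ -d -f prog ]" in which the next token reads as the option's argument. Either leave the flags out of the title or append optarg for the options whose values are safe to show. title is declared as char title[FILENAME_MAX] but holds the brackets and flags as well as argv[0], and strlcat truncates silently, so compare its return value with sizeof(title) if a cut-off title matters. The thirteen near-identical strlcat calls would also be easier to maintain as one append after the switch that formats c.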
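
Review bot: in the last hunk of John Wong's systrace.c patch (@@ -650), setproctitle(title) uses a buffer containing argv[0] as the format string, so any % in the traced program's path is interpreted as a conversion specifier; call setproctitle("%s", title) instead. Only argv[0] is copied into the title, which is what keeps the "-u id -p passwd" arguments from the request out of it; a short comment above the call stating that the remaining argv entries are omitted on purpose would stop a later change from appending them.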