[Systrace] Question regarding the security of systrace
Johannes Nicolai
johannes.nicolai at hpi.uni-potsdam.de
Thu Apr 28 03:50:43 EDT 2005
Hi,
I hope, that I do not annoy anybody on this list when I ask what you think
about:
http://cert.uni-stuttgart.de/archive/bugtraq/2004/03/msg00282.html
I know that Marius has already responded to this claim in:
http://www.monkey.org/openbsd/archive/misc/0403/msg01611.html
I am not a security expert, so I ask you how serious do you think the
mentioned "bugs" are and if there are any new information about it.
To precise my question: I like to use systrace for the next world championship
of RealTimeBattle (http://realtimebattle.sf.net) in order to protect the
machine for potential malicious programs (some competitors only send binary
code) that do not only act as robots in the game but also try to do harm or
influence other processes.
The robots can only execute a few system calls, communicate with their team
mates via Unix Domain Sockets in a special directory and access configuration
files in this directory.
They won't be allowed to fork or to ptrace (exevcve is okay).
I wonder whether one can exploit systrace if only this limited set of system
calls is allowed at all.
Perhaps you can help me with this question.
Thanks in advance
Johannes Nicolai
More information about the systrace
mailing list