[Systrace] Question regarding the security of systrace
Ray
ray at cyth.net
Sun May 1 03:08:26 EDT 2005
You should be fine. Just add a dedicated user for running this
program, systrace -ai it and don't worry. At the very least you
won't be worse off than running it without systrace.
-Ray-
On Thu, Apr 28, 2005 at 09:50:43AM +0200, Johannes Nicolai wrote:
> Hi,
>
> I hope that I do not annoy anybody on this list when I ask what you think
> about:
> http://cert.uni-stuttgart.de/archive/bugtraq/2004/03/msg00282.html
>
> I know that Marius has already responded to this claim in:
> http://www.monkey.org/openbsd/archive/misc/0403/msg01611.html
>
> I am not a security expert, so I ask you how serious you think the
> mentioned "bugs" are and if there is any new information about them.
>
> To make my question more precise: I would like to use systrace for the next
> world championship of RealTimeBattle (http://realtimebattle.sf.net) in order
> to protect the machine from potentially malicious programs (some competitors
> only send binary code) that do not only act as robots in the game but also
> try to do harm or influence other processes.
>
> The robots can only execute a few system calls, communicate with their team
> mates via Unix Domain Sockets in a special directory and access configuration
> files in this directory.
>
> They won't be allowed to fork or to ptrace (execve is okay).
>
> I wonder whether one can exploit systrace if only this limited set of system
> calls is allowed at all.
>
> Perhaps you can help me with this question.
>
> Thanks in advance
>
> Johannes Nicolai
> _______________________________________________
> systrace mailing list
> systrace at systrace.org
> http://systrace.org/mailman/listinfo/systrace