On Mon, 2005-01-17 at 22:03, Justin Conover wrote:
> http://www.systrace.org/
>
> http://www.citi.umich.edu/u/provos/systrace/linux.html
>
> Anybody, seen/use systrace on FC? What are your thoughts about
> using/adding it to FC?
>
> From reading a bit about it, looks to be a very good/useful tool and
> was wondering what others thought about it?

Providing security via system call interception and making security decisions based on pathnames considered harmful to security; see the Flask paper available from http://www.nsa.gov/selinux/papers/flask-abs.cfm. Sadly, the systrace site acknowledges the Flask paper, but misses the point entirely...

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency