Systrace for Mac OS X

Posted by pudge
from the monkeying-around dept.
Niels Provos writes in that he has added Mac OS X support for Systrace, a sandboxing/application confinement tool that can be used to increase application and service security. It installs a new kernel to support /dev/systrace and the Systrace application, and a Cocoa frontend.
  • by LizardKing (5245) on Friday December 20, 2002 @08:57AM (#4928923)

    My only qualm is where is this kernel coming from and why is there no other way to run this than with a specially built kernel

    The patch is there for you to peruse, along with the Darwin kernel source. So if you're feeling a little paranoid then go for it. As to why this couldn't be a module of some sort, does the Darwin version of the BSD kernel support lkm's? And even if it does, systrace operates at a much lower level than say a device driver (which is where kernel modules really come into their own).

    Chris

  • Re:Proprietary (Score:4, Informative)

    by frankie (91710) on Friday December 20, 2002 @11:50AM (#4929889) Journal
    Would be nice if darwin was released in a more open way to court more developers

    Umm... you mean, like this [opendarwin.org]?

  • by Brian Hatch (523490) <<gro.rkofi> <ta> <irb>> on Friday December 20, 2002 @12:31PM (#4930116) Homepage Journal
    UML creates a new complete kernel running inside your machine, with its own /sbin/init process, and the whole shebang. If you want to have apache in here, that's possible, you just need to copy all its files into the UML's filesystem, set up your host machine to relay the packets in, and other similar setup. Takes a while, but totally doable.

    Systrace on the other hand lives inside your normal kernel - you don't run any virtual machines at all. However systrace can decide what system calls a program can use, and if desired limit how they can be called. For example you could say Apache is allowed to create a bound socket to port 80, but no other port. You can say allow it to read files in /var/www/htdocs but nothing else. This means that should some user make a symlink to /etc/passwd, it can't be read. Should someone get Apache to run shellcode, it can't run /bin/sh or open a new network socket for inbound access.

    The configuration to do this is rather extensive, but anything that will be explicit must be. See the sample apache config [umich.edu] for example.

    Systrace works similarly to other kernel hardening patches, such as GRSecurity or LIDS. LIDS for example can lock down access to the filesystem (read/write/nada) and to root permissions (allow root to read non-root files, disallow socket binding, etc) but this is different in that the system calls themselves have been hooked, not just some common access methods.
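An added example, not part of the thread and not the Systrace project's own sample policy: a policy fragment in Systrace's policy-file syntax that expresses the Apache restrictions described in the comment above (bind to port 80 only, read /var/www/htdocs only, no shell, no new inbound sockets). The httpd binary path, the log directory and the error codes returned on denial are assumptions chosen for illustration.

```text
# Constructed example policy; the httpd path and log directory are assumed.
Policy: /usr/sbin/httpd, Emulation: native
	# Bind to port 80 on any address; any other port is refused with EACCES.
	native-bind: sockaddr match "inet-*:80" then permit
	native-bind: sockaddr match "inet-*:*" then deny[eacces]
	# The document root is readable; every other path reads as non-existent.
	# Systrace matches on the normalized path, so a symlink inside htdocs
	# that points at /etc/passwd still falls through to the deny rule.
	native-fsread: filename match "/var/www/htdocs/*" then permit
	native-fsread: filename match "*" then deny[enoent]
	# Writes are allowed only under the (assumed) log directory.
	native-fswrite: filename match "/var/log/httpd/*" then permit
	native-fswrite: filename match "*" then deny[eperm]
	# No new processes, so injected shellcode cannot spawn /bin/sh,
	# and no outbound connections.
	native-execve: filename match "*" then deny[eperm]
	native-connect: sockaddr match "*" then deny[eperm]
```

Rules are evaluated top to bottom and the first matching rule decides, which is why each permit is followed by a catch-all deny for the same system call. A real Apache policy also needs permits for the library loads, config reads and other calls the server makes at startup (the umich.edu sample linked above shows how long that list gets); when run with `systrace -a`, any call the policy does not cover is denied rather than prompted for.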

  • Re:Kernel vendors (Score:4, Informative)

    by jimmu (227057) on Friday December 20, 2002 @07:44PM (#4933281) Homepage
    http://www.opensource.apple.com/projects/darwin/6.0/projects.html

    What's this? why, it looks like links to download the source for darwin. And what's that? why, it appears that you can peruse just about everything, save for Quartz.

    Note the obfuscated URL. truly, apple is going to great links to hide the source for OS X.

    I won't even mention the CVS server.
