This chapter is from the book

29.7 Limitations of systrace

Despite its many features, systrace has a number of limitations that bear mentioning. First, it has no way to “permit once” a system call, such as a single bind to a socket: a rule that allows the call allows it for the life of the process. An attacker who gains control of the program can therefore reissue the call, potentially at elevated privilege.

Second, policies have no exclusive-or. You cannot, for example, allow an application to open either a file or a device but not both; once both rules exist, both are always available. An attacker who wants a program to do more than it was intended to do could ultimately leverage this weakness.

Lastly, the parent process has no control over the processes it spawns. If you allow /bin/sh to be executed, for example, you cannot constrain it beyond its own systrace policy. One way around this limitation is to write a policy for the child process to inherit when it should be less permissive than the normal system policy; this is done with systrace -i.
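The following policy file is an added illustration, not one from the book or from the systrace distribution, of how the three limitations above show up in a real policy for a confined child shell. The file name (sh.policy), the permitted paths and the use of `#` comment lines are constructed assumptions; the statement syntax (`Policy:` header, `<emulation>-<syscall>: [predicate] then <action>[errno]`, the `fsread`/`fswrite` aliases, and the `eq`/`match` filename predicates) is standard systrace policy syntax.

```text
# Constructed example: policy for /bin/sh when it is spawned by a confined
# parent and started under systrace -i so the child inherits this policy.
Policy: /bin/sh, Emulation: native

	# Read-only access to the shell's startup file and shared libraries.
	native-fsread: filename eq "/etc/profile" then permit
	native-fsread: filename match "/usr/lib/*" then permit

	# Limitation 2 (no exclusive-or): we want "the log file OR the console,
	# never both", but systrace can only express each permit independently.
	# Listing both rules makes both available for the life of the process,
	# so the safer choice here is to permit exactly one of them.
	native-fswrite: filename eq "/tmp/child.out" then permit
	native-fswrite: filename eq "/dev/console" then deny[eacces]

	# Limitation 1 (no permit-once): a permit on bind would stay valid for
	# every later bind call too, so a shell that never needs to listen gets
	# bind denied outright rather than permitted "just once".
	native-bind: deny[eacces]
	native-connect: deny[eacces]

	# Limitation 3 (no control over children): the parent cannot restrict
	# what this shell runs next, so the child policy itself refuses execve.
	native-execve: deny[eperm]

	native-exit: permit
```

When the parent is run with systrace -i, the shell it launches is confined by this file instead of by whatever the system-wide policy for /bin/sh allows; the denials above return the listed errno to the shell rather than prompting, which keeps an unattended service from hanging on an interactive policy question.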
