Slashdot Mirror


A Highly Portable Sandbox Facility For OpenBSD

An Anonymous Coward writes: "A new facility called 'systrace' has been developed by one of the OpenBSD developers. It allows enforcement of system call policies on untrusted binaries. For now it is only available in OpenBSD-current, but the author claims it is highly portable and can easily be integrated into GNU/Linux systems. Eventually binary-only software is going to become more and more common in Linux, so this could be another 'Good Thing(TM)' from the paranoids that brought us OpenSSH."

2 of 40 comments

  1. Re:BSD vs. Linux by Anonymous Coward · Score: 2, Funny

    "BSD: We've got hot babes."

  2. Re:How does this compare to Jail? by Anonymous Coward · Score: 1, Funny

    They have IIS, Exchange, and Internet Explorer running wholly in kernel space.

    Running programs as SYSTEM makes them fast!
    Whoops!
    Where's all my files!
    I are hacked!