[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] syscall filtering
From: |
Magnus Damm |
Subject: |
[Qemu-devel] syscall filtering |
Date: |
Tue, 23 Nov 2004 15:19:15 +0100 |
Hello,
While Piotrek is thinking about securing the system emulator, I am more
interested in syscall filtering. I have not thought about it too much,
but the idea (if possible) would be to run qemu as a filter for certain
binaries on your machine. Basically, you run i386-user with filters on a
i386 machine.
fakeroot-replacement:
---------------------
fakeroot is nice, but is only working for dynamically linked binaries.
Using the qemu user emulator to filter syscalls would make it possible
to have a fakeroot that works for any binary. As long as the binary
doesn't try to do any root-activities in the kernel that is.
securing scripts:
-----------------
Trojans hiding in configure-scripts, how fun is that? Remember?
http://www.mavetju.org/unix/openssh-trojan.php
By executing the configure script (and all children) in an environment
that detects and disables network activity I would feel safe(r).
/ magnus
- [Qemu-devel] syscall filtering,
Magnus Damm <=