SUBTERFUGUE 0.1.1 is available. The main change is a partial integration of
Pavel Machek's experimental safe scratch area code, which can prevent threaded
programs from escaping SUBTERFUGUE.
>From NEWS:
Version 0.1.1 ("sanchez")
* First cut at integration of Pavel Machek's patch. It includes his safe
scratch area stuff (see scratch.py and ScratchTrick.py), plus several new
tricks (Arg, Net, NoKill, NoClose123, GoodDisc).
* Enhancement to SimplePathSandbox to support denial of access to certain
paths. (also from Pavel)
==============================================================================
This is SUBTERFUGUE. See 'NEWS' for info on the latest release.
SUBTERFUGUE is a framework for observing and playing with the reality of
software; it's a foundation for building tools to do tracing, sandboxing, and
many other things. You could think of it as "strace meets expect."
Here's a short (real) "screenshot" which hints at one of its possible uses:
# sf --trick=SimplePathSandbox:"read=['/'];write=['/dev/tty'];net=1" bash
# id
uid=0(root) gid=0(root) groups=0(root)
# rm -f /etc/passwd
write deny (unlink): '/etc/passwd'
rm: cannot unlink `/etc/passwd': Permission denied
BEWARE: This is an alpha release. It might not hose your system, but who can
say? You probably shouldn't even be reading this. Don't run this as root,
except on a scratch system. Don't use it to run programs where a loss of
state might be disastrous (e.g., fetchmail). Consider yourself warned.
See 'http://subterfugue.org' for more info.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Mar 15 2000 - 21:00:13 EST