Systrace enforces system call policies for applications by
constraining the application's access to the system. The policy is
generated interactively. Operations not covered by the policy raise an
alarm and allow a user to refine the currently configured policy.
Systrace for Mac OS X supports the same features as
the *BSD versions. However, due to the Mac OS X design, Systrace
currently works only for native Unix applications. More work
is required for full support of Mac OS X.
Systrace is still in Beta testing and I
would appreciate feedback about its stability.
- Systrace Mac OS X package (requires Mac OS X 10.2) - 2002-12-04
This package installs a new kernel that supports the
/dev/systrace device and the Systrace application.
If the boot path to the new kernel has been lost, it can be
recovered by reinstalling the Systrace package.
You can find more up-to-date builds of Systrace at http://www.opendarwin.org/~fkr/.
The sources for Systrace itself are available on the main page.
- Darwin kernel diff - apply in src/xnu.
- Cocoa-Systrace - graphical Mac OS X frontend to Systrace - 2002-12-03
Not yet feature complete, but provides basic functionality.
For more information, please check the main Systrace page.

Systrace is part of my effort to improve host security. My earlier
work on Privilege Separation has already been integrated into Mac OS X.
- Confines untrusted binary applications.
- Interactive Policy Generation with Graphical User Interface.
- Supports different emulations:
- System Call Argument Rewriting.
- Non-interactive Policy Enforcement.
- Remote Monitoring and Intrusion Detection.
- Privilege Elevation: Add-on capabilities.
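As an added illustration (not a policy shipped with the Systrace package or taken from this page), a policy in the syntax documented in systrace(1) for the *BSD versions, whose features this page says the Mac OS X port shares; the program path, file names and socket address are assumed, chosen to show the permit/deny decisions, the errno returned to the confined program, and the "as root" privilege elevation listed above:

```text
Policy: /usr/local/bin/untrusted-tool, Emulation: native
	# Each line: system call class, predicate on its arguments, action.
	# Read access is limited to system files; the home directories are denied
	# and the program sees EPERM instead of the real data.
	native-fsread: filename eq "/etc/hosts" then permit
	native-fsread: filename match "/usr/lib/*" then permit
	native-fsread: filename sub "/Users" then deny[eperm]
	# Writes are confined to /tmp; any attempt under /etc fails with EPERM.
	native-fswrite: filename match "/tmp/*" then permit
	native-fswrite: filename match "/etc/*" then deny[eperm]
	# Privilege elevation: the program runs unprivileged, but this single
	# bind to port 80 is carried out with root privileges, so the binary
	# does not need to be setuid root as a whole.
	native-bind: sockaddr eq "inet-[0.0.0.0]:80" then permit as root
	native-exit: permit
```

A system call that matches none of these lines is the case the page describes: during interactive generation it raises an alarm so the user can add a line; under non-interactive enforcement it is simply not permitted.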