Andrea Barisani wrote:
> Hi folks!
>
> I'd like to announce that Systrace is back in the portage tree, it consists
> of two packages:
>
> sys-apps/systrace

No, remove it.

> the userspace application that now features a ptrace backend in case the
> kernel patch is not installed.
>
> sys-kernel/systrace-sources
> this is standard kernel with our base patchset + systrace patch.
>
> We are trying to get this in hardened-sources as well, as I said you don't
> need the kernel patch to try this out, granted that the ptrace backend is
> much slower and really useful only for testing/debugging purposes, in the
> long run the patch is the way to go.

Absolutely not.

> Testing/feedback is appreciated.

Systrace has a broken security model which allows, among other things,
privilege escalation. It is our (hardened) opinion that it is harmful to
security and the cause of hardened. I ask you to remove it. If you don't
we cannot and will not support it, and will discourage its use among our
users.
--
gentoo-security@gentoo.org mailing list