-rw-r--r-- security/gtk-systrace/DESCR 28
-rw-r--r-- security/gtk-systrace/MESSAGE 10
-rw-r--r-- security/gtk-systrace/Makefile 29
-rw-r--r-- security/gtk-systrace/PLIST 10
-rw-r--r-- security/gtk-systrace/distinfo 4
5 files changed, 81 insertions, 0 deletions
diff --git a/security/gtk-systrace/DESCR b/security/gtk-systrace/DESCR
new file mode 100644
index 00000000000..5dda8e1a34e
--- /dev/null
+++ b/security/gtk-systrace/DESCR
@@ -0,0 +1,28 @@
+GTK frontend for systrace.
+
+Systrace enforces system call policies for applications by constraining
+the application's access to the system. The policy is generated
+interactively. Operations not covered by the policy raise an alarm
+and allow an user to refine the currently configured policy.
+
+For complicated applications, it is difficult to know the correct
+policy before running them. Initially, Systrace notifies the user
+about all system calls that an applications tries to execute. The
+user configures a policy for the specific system call that caused
+the warning. After a few minutes, a policy is generated that allows
+the application to run without any warnings. However, events that
+are not covered still generate a warning. Normally, that is an
+indication of a security problem. Systrace improves cyber security
+by providing intrusion prevention.
+
+With systrace untrusted binary applications can be sandboxed.
+Their access to the system can be restricted almost arbitrarily.
+Sandboxing applications available only as binaries is only sensible
+as it is not possible to directly analyze what they are designed
+to do. However, constraining the system calls large open-source
+applications are allowed to execute is useful too as it is very
+difficult to determine their correctness.
+
+System call arguments can be rewritten dynamically. This effects
+a virtual chroot for the sandboxed application. It also prevents
+race conditions in the argument evaluation.
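Review bot: Only the first line of this DESCR describes the package itself; every other paragraph describes systrace and says nothing about what the GTK frontend does or how it presents policy decisions to the user. Add a sentence or two on the frontend and shorten the rest. Grammar while here: "allow an user" should be "allow a user", "an applications tries" should be "an application tries", and "is only sensible as it is not possible" reads awkwardly.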
diff --git a/security/gtk-systrace/MESSAGE b/security/gtk-systrace/MESSAGE
new file mode 100644
index 00000000000..06f38d6b8f2
--- /dev/null
+++ b/security/gtk-systrace/MESSAGE
@@ -0,0 +1,10 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1.1.1 2002/12/18 03:49:56 wiz Exp $
+
+To use the GTK frontend with systrace, do
+
+ $ cd ${X11BASE}/bin && ln -s ${PREFIX}/bin/notification xsystrace
+
+You might need to remove/backup a previously existing xsystrace there.
+
+===========================================================================
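Review bot: The `ln -s` step has the admin create `${X11BASE}/bin/xsystrace` by hand, so the link is not listed in PLIST and will be left dangling when the package is deinstalled, and the "remove/backup" hint means an existing xsystrace there gets replaced with nothing to restore it afterwards. Consider having the package create the link itself and record it in PLIST, or at least add the matching cleanup and restore instructions to this message.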
diff --git a/security/gtk-systrace/Makefile b/security/gtk-systrace/Makefile
new file mode 100644
index 00000000000..3fdbe127924
--- /dev/null
+++ b/security/gtk-systrace/Makefile
@@ -0,0 +1,29 @@
+# $NetBSD: Makefile,v 1.1.1.1 2002/12/18 03:49:56 wiz Exp $
+#
+
+DISTNAME= gtk-systrace-2002-12-01
+PKGNAME= gtk-systrace-20021201
+WRKSRC= ${WRKDIR}/notification-0.1
+CATEGORIES= security x11
+MASTER_SITES= http://www.citi.umich.edu/u/provos/systrace/
+
+MAINTAINER= packages@netbsd.org
+HOMEPAGE= http://www.citi.umich.edu/u/provos/systrace/index.html
+COMMENT= GTK interface to systrace(1)
+
+ONLY_FOR_PLATFORM= NetBSD-1.6[H-Z]*-* NetBSD-1.[7-9]*-* NetBSD-[2-9]*
+
+GNU_CONFIGURE= YES
+USE_BUILDLINK2= YES
+USE_LIBTOOL= YES
+
+pre-configure:
+ cd ${WRKSRC} && \
+ ${ACLOCAL} && \
+ ${AUTOHEADER} && \
+ ${AUTOCONF} && \
+ ${AUTOMAKE} -acf
+
+.include "../../x11/gtk/buildlink2.mk"
+.include "../../mk/automake.mk"
+.include "../../mk/bsd.pkg.mk"
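Review bot: The pre-configure target reruns `${ACLOCAL}`, `${AUTOHEADER}`, `${AUTOCONF}` and `${AUTOMAKE} -acf` with no comment saying why the build system has to be regenerated before configure; a one-line comment above the target would save the next maintainer from guessing. Two smaller points: WRKSRC is `notification-0.1` while PKGNAME is the date-based `gtk-systrace-20021201`, which deserves a note on how the two correspond, and MASTER_SITES is plain `http://`, so the distinfo checksum is the only integrity check on the fetched distfile.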
diff --git a/security/gtk-systrace/PLIST b/security/gtk-systrace/PLIST
new file mode 100644
index 00000000000..c15a852046e
--- /dev/null
+++ b/security/gtk-systrace/PLIST
@@ -0,0 +1,10 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2002/12/18 03:49:56 wiz Exp $
+bin/notification
+share/notification/pixmaps/deny-always.xpm
+share/notification/pixmaps/deny.xpm
+share/notification/pixmaps/logo.xpm
+share/notification/pixmaps/permit-always.xpm
+share/notification/pixmaps/permit.xpm
+share/notification/pixmaps/skull.xpm
+@dirrm share/notification/pixmaps
+@dirrm share/notification
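Review bot: `bin/notification` and `share/notification` are very generic names to install under ${PREFIX} and could collide with another package. Since MESSAGE already tells the user to link the binary to `xsystrace`, consider installing it under that name, or under a package-specific one, instead.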
diff --git a/security/gtk-systrace/distinfo b/security/gtk-systrace/distinfo
new file mode 100644
index 00000000000..f4a040bf2e4
--- /dev/null
+++ b/security/gtk-systrace/distinfo
@@ -0,0 +1,4 @@
+$NetBSD: distinfo,v 1.1.1.1 2002/12/18 03:49:56 wiz Exp $
+
+SHA1 (gtk-systrace-2002-12-01.tar.gz) = f59c9224ce6d1068feec7e5c1c03d65c2f65c1d1
+Size (gtk-systrace-2002-12-01.tar.gz) = 73110 bytes
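Review bot: The SHA1 line is the only digest recorded for the distfile, and the Makefile fetches it from an `http://` MASTER_SITES, so this single hash is all that authenticates the download. If the infrastructure accepts a second, stronger digest, add one alongside it.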