Systrace
{{Short description|Computer security utility}}
{{multiple issues|
{{more footnotes|date=May 2014}}
{{more citations needed|date=May 2014}}
}}
{{Infobox software
| name = Systrace
| logo =
| screenshot =
| caption =
| collapsible =
| author = [[Niels Provos]]
| developer =
| released =
| latest release version = 1.6g
| latest release date = {{release date and age|2009|3|15}}
| latest preview version =
| latest preview date =
| frequently updated =
| programming language =
| operating system = [[Unix-like]]
| platform =
| size =
| language =
| status =
| genre = [[Computer security]]
| license = BSD-like
<!--| website = http://www.systrace.org/ -->
}}
'''Systrace''' is a [[computer security]] utility which limits an [[computer application|application's]] access to the system by enforcing access policies for [[system call]]s. This can mitigate the effects of [[buffer overflow]]s and other security vulnerabilities. It was developed by [[Niels Provos]] and runs on various [[Unix-like]] [[operating system]]s.

Systrace is particularly useful when running untrusted or binary-only applications and provides facilities for [[privilege elevation]] on a system call basis, helping to eliminate the need for potentially dangerous [[setuid]] programs. It also includes interactive and automatic policy generation features, to assist in the creation of a base policy for an application.

Systrace used to be integrated into [[OpenBSD]], but was removed in April 2016{{r|rm-systrace-1|rm-systrace-2}} (in favour of [[OpenBSD_security_features#Other_features|''pledge'']] post OpenBSD 5.9{{r|openbsd-innovations|kern_pledge}}). It is available for [[Linux]] and [[Mac OS X]], although the OS X port is currently unmaintained. It was removed from [[NetBSD]] at the end of 2007 due to several unfixed implementation issues. As of version 1.6f, Systrace supports 64-bit Linux 2.6.1 via a kernel patch.

==Features==
Systrace supports the following features:
* '''Confines untrusted binary applications''': An application is allowed to make only those system calls specified as permitted in the policy. If the application attempts to execute a system call that is not explicitly permitted, an alarm is raised.
* '''Interactive policy generation with graphical user interface''': Policies can be generated interactively via a graphical frontend to Systrace. The frontend shows system calls and their parameters not currently covered by policy and allows the user to refine the policy until it works as expected.
* '''Supports different emulations''': Linux, BSDI, etc.
* '''Non-interactive policy enforcement''': Once a policy has been trained, automatic policy enforcement can be used to deny all system calls not covered by the current policy. All violations are logged to Syslog. This mode is useful when protecting system services like a web server.
* '''Remote monitoring and intrusion detection''': Systrace supports multiple frontends; by using a frontend that makes use of the network, very advanced features are possible.
* '''Privilege elevation''': Using Systrace's privilege elevation mode, it is possible to get rid of [[setuid]] binaries. A special policy statement allows selected system calls to run with higher privileges, for example, creating a [[raw socket]].

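The following is an added illustration, not Systrace code and not its policy grammar: a small Python model of the train-then-enforce workflow the feature list describes, with default-deny matching, a logged violation for each uncovered call, and an optional callback standing in for the interactive frontend. The traces, paths and the function names <code>train</code> and <code>enforce</code> are constructed for the example.

```python
import posixpath
from fnmatch import fnmatchcase

# Constructed (syscall, argument) pairs observed while training a web server.
TRAINING_TRACE = [
    ("open", "/etc/httpd.conf"),
    ("open", "/var/www/index.html"),
    ("open", "/var/www/img/logo.png"),
    ("bind", "inet-0.0.0.0:80"),
    ("write", "/var/log/httpd.log"),
]
# Constructed runtime trace: one covered call, one benign call missed in
# training, and two calls a compromised process might attempt.
RUNTIME_TRACE = [
    ("open", "/var/www/index.html"),
    ("write", "/var/log/httpd-error.log"),
    ("open", "/var/www/../../etc/passwd"),
    ("execve", "/bin/sh"),
]

def train(trace):
    """Policy generation: permit what was observed, widening the docroot to a glob."""
    policy = {}
    for syscall, arg in trace:
        rule = "/var/www/*" if arg.startswith("/var/www/") else arg
        policy.setdefault(syscall, set()).add(rule)
    return policy

def enforce(policy, trace, ask=None):
    """Default-deny check. ask=None models non-interactive mode (deny and log);
    an ask(syscall, arg) callback models the interactive frontend, whose
    'permit' answers are added to the policy."""
    decisions, log = [], []
    for syscall, arg in trace:
        # Normalize paths first so "../" cannot slip through a glob rule.
        path = posixpath.normpath(arg) if arg.startswith("/") else arg
        allowed = any(fnmatchcase(path, rule) for rule in policy.get(syscall, ()))
        if not allowed and ask is not None and ask(syscall, path):
            policy.setdefault(syscall, set()).add(path)
            allowed = True
        if not allowed:
            log.append(f"deny {syscall}({arg})")  # stand-in for a syslog record
        decisions.append(allowed)
    return decisions, log

if __name__ == "__main__":
    print(enforce(train(TRAINING_TRACE), RUNTIME_TRACE))
```

In non-interactive mode the benign but untrained log write is denied along with the two suspicious calls, which is why a policy is refined interactively before it is enforced automatically.
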
==Vulnerability history==
Systrace has had some vulnerabilities in the past, including:
* [http://www.watson.org/~robert/2007woot/ Exploiting Concurrency Vulnerabilities in System Call Wrappers] Paper by [[Robert Watson (computer scientist)|Robert Watson]] from the First USENIX Workshop On Offensive Technologies (WOOT07) analyzing system call wrapper traces across several wrapper platforms including systrace
* [http://www.systrace.org/index.php?/archives/13-Local-Privilege-Escalation.html Google Security discovers local privilege escalation in Systrace]
* [http://www.systrace.org/index.php?/archives/4-Local-Root-Exploit-on-NetBSD.html Local root exploit on NetBSD]
* [http://undeadly.org/cgi?action=article&sid=20070809201304 Vulnerabilities in systrace]

==See also==
* [[Seccomp]]
* [[AppArmor]]
* [[SELinux]]
* [[Mandatory access control]]

==References==
{{Reflist|refs=
<ref name="rm-systrace-1">{{cite mailing list |url=https://marc.info/?l=openbsd-cvs&m=146161167911029&w=2 |title=boom goes the dynamite |last=Unangst |first=Ted |mailing-list=openbsd-cvs |date=25 April 2016 |accessdate=17 May 2016 }}</ref>
<ref name="rm-systrace-2">{{cite mailing list |url=https://marc.info/?l=openbsd-cvs&m=146161509612179&w=2 |title=remove systrace |last=Unangst |first=Ted |mailing-list=openbsd-cvs |date=25 April 2016 |accessdate=17 May 2016 }}</ref>
<ref name=openbsd-innovations>{{cite web |url= http://www.openbsd.org/innovations.html |title= OpenBSD Innovations |publisher= [[OpenBSD]] |date=2018-08-14 |accessdate=2019-02-26 |quote= systrace(4), systrace(1): Started by Niels Provos. Imported June 4, 2002 and first released with OpenBSD 3.2. Deleted after OpenBSD 5.9 because pledge(2) is even better. }}</ref>
<ref name=kern_pledge>{{cite web |url = http://bxr.su/OpenBSD/sys/kern/kern_pledge.c |title = sys/kern/kern_pledge.c |author1=Nicholas Marriott |author2=Theo de Raadt |author2-link=Theo de Raadt |publisher = [[OpenBSD]] | website = BSD Cross Reference |date=2019-02-14 |accessdate=2019-02-26 }}</ref>
}}

==External links==
* {{official website}}

[[Category:BSD software]]
[[Category:OpenBSD]]
[[Category:Unix security-related software]]