SELinux Mailing List
Re: polgen and strace
From: John D. Ramsdell <ramsdell_at_mitre.org>
Date: 16 Nov 2004 08:43:30 -0500
> While poking around in polgen (in preparation for packaging

The strace that is part of polgen has been changed so that when one specifies the -X option, it adds security context information to its output. This added output is essential to the analysis that follows.

Polgen 0.8 has a version of strace based on version 4.5.6. Late last week, I noticed Polgen's strace died a horrible death when tracing Java programs. I found out that the standard 4.5.6 release has the same problem, but the version that comes with FC3 works. I have a new version of SE Linux enhanced strace based on version 4.5.8 in my CVS repository, and this version allows us to analyze Java programs. Let me simply say, there is a lot going on in a Java VM! People interested in policies that implement the principle of least privileges have a lot to do. A new polgen release that includes this improvement is coming soon.
> Would polgen work with a vanilla strace? Are there plans for

Polgen would not work with vanilla strace. We have offered the changes to the strace maintainers, but have not received a word one way or the other as to their interest in supporting the -X option.
> I might be able to get strace patched, though, if the patches

I can make up the patch, but I'm not sure it would help.

By the way, the polgen program strace2tsv transforms strace output into tab-separated values. It should be useful to anyone analyzing strace output with another program. It works with vanilla strace too. Polgen has a manual page for this program.

What does one do to package polgen for Debian? Is there something I can add to the polgen sources that would facilitate this process? I don't know much about Debian packaging, so hand holding is in order.

John

Received on Tue 16 Nov 2004 - 08:43:32 EST
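The kind of conversion the message attributes to strace2tsv, sketched as an added example that is not part of the original message and is not polgen's code. The function names, the five-column layout (pid, call, arguments, result, errno) and the sample trace are assumptions constructed for illustration; it handles vanilla strace output only and does not attempt the security context fields that polgen's -X option adds.

```python
import re

# Constructed sample of vanilla `strace -f -o` output (not from the post).
SAMPLE = '''\
1234  open("/etc/passwd", O_RDONLY) = 3
1234  read(3, "root:x:0:0:root:/root:/bin/bash\\n"..., 4096) = 1024
1235  open("/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied)
1234  read(4,  <unfinished ...>
1235  close(3) = 0
1234  <... read resumed> "a\\tb", 16) = 3
1235  --- SIGCHLD (Child exited) @ 0 (0) ---
1234  exit_group(0) = ?
'''

LINE = re.compile(r'^(?:\[pid\s+)?(?P<pid>\d+)\]?\s+(?P<rest>.*)$')
RESUMED = re.compile(r'^<\.\.\. (?P<name>\w+) resumed>\s?(?P<tail>.*)$')
CALL = re.compile(r'^(?P<name>\w+)\((?P<args>.*)\)\s+=\s+'
                  r'(?P<ret>-?\d+|0x[0-9a-f]+|\?)(?:\s+(?P<errno>E[A-Z0-9]+))?')
UNFINISHED = '<unfinished ...>'

def strace_to_rows(text):
    """Return (pid, call, args, result, errno) tuples, one per system call."""
    pending = {}  # pid -> first half of a call interrupted by another process
    rows = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        pid, rest = (m['pid'], m['rest']) if m else ('', line)
        if not rest or rest.startswith(('---', '+++')):
            continue  # signal and exit notices are not system calls
        if rest.endswith(UNFINISHED):
            pending[pid] = rest[:-len(UNFINISHED)].rstrip()
            continue
        r = RESUMED.match(rest)
        if r:  # stitch the two halves of the interrupted call back together
            rest = pending.pop(pid, r['name'] + '(') + ' ' + r['tail']
        c = CALL.match(rest)
        if c:
            rows.append((pid, c['name'], c['args'], c['ret'], c['errno'] or ''))
    return rows

def rows_to_tsv(rows):
    """One line per call; a literal tab inside a field is escaped as \\t."""
    return '\n'.join('\t'.join(f.replace('\t', '\\t') for f in row) for row in rows)

if __name__ == '__main__':
    print(rows_to_tsv(strace_to_rows(SAMPLE)))
```

Failed calls such as the `EACCES` on `/etc/shadow` end up in their own column, which is the part a least-privilege policy review usually filters on first.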
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009