SELinux Mailing List

Re: polgen and strace

From: John D. Ramsdell <ramsdell_at_mitre.org>
Date: 16 Nov 2004 08:43:30 -0500


Manoj Srivastava <manoj.srivastava@stdc.com> writes:

> While poking around in polgen (in preparation for packaging
> it for Debian), I noticed that it has the full set of sources for
> strace!

The strace that is part of polgen has been changed so that when one specifies the -X option, it adds security context information to its output. This added output is essential to the analysis that follows.

Polgen 0.8 has a version of strace based on version 4.5.6. Late last week, I noticed Polgen's strace died a horrible death when tracing Java programs. I found out that the standard 4.5.6 release has the same problem, but the version that comes with FC3 works.

I have a new version of SE Linux enhanced strace based on version 4.5.8 in my CVS repository, and this version allows us to analyze Java programs. Let me simply say, there is a lot going on in a Java VM! People interested in policies that implement the principle of least privilege have a lot to do. A new polgen release that includes this improvement is coming soon.

> Would polgen work with a vanilla strace? Are there plans for
> pushing strace changes upstream?

Polgen would not work with vanilla strace. We have offered the changes to the strace maintainers, but have not received a word one way or the other as to their interest in supporting the -X option.

> I might be able to get strace patched, though, if the patches
> were not too intrusive, but I was not able to find a canonical
> location for strace patches.

I can make up the patch, but I'm not sure it would help.

By the way, the polgen program strace2tsv transforms strace output into tab separated values. It should be useful to anyone analyzing strace output with another program. It works with vanilla strace too. Polgen has a manual page for this program.

What does one do to package polgen for Debian? Is there something I can add to the polgen sources that would facilitate this process? I don't know much about Debian packaging, so hand holding is in order.

John

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
Received on Tue 16 Nov 2004 - 08:43:32 EST
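The message above describes strace2tsv only in outline (strace output in, tab-separated values out, vanilla strace accepted) and does not show the -X context output or strace2tsv's column layout. The following is an added example, not polgen's strace2tsv and not code from the list post: a small Python converter for vanilla strace lines, with a constructed sample trace embedded inline. The column layout (pid, syscall, result, errno, then one column per argument), the handling of `<unfinished ...>` / `<... resumed>` pairs from `strace -f`, and the `denials` helper for least-privilege analysis are all this example's own choices and are assumptions about what a useful TSV looks like, not the polgen tool's behaviour.

```python
"""Convert vanilla strace output to tab-separated values.

Added example (not polgen's strace2tsv). Handles -f pid prefixes,
error returns ("= -1 ERRNO (message)"), -T timings, and the
"<unfinished ...>" / "<... name resumed>" pairs strace prints when
traced threads interleave. Signal and "+++ exited +++" lines are skipped.
"""
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Optional pid prefix: "[pid 4242] " (strace -f to a tty) or "4242  " (strace -f -o file).
PID_PREFIX = r'(?:\[pid\s+(?P<pid1>\d+)\]\s*|(?P<pid2>\d+)\s+)?'

# A complete line:  name(args) = ret [ERRNO (message)] [<seconds>]
LINE_RE = re.compile(
    PID_PREFIX
    + r'(?P<name>[A-Za-z_]\w*)\((?P<args>.*)\)\s*=\s*'
    + r'(?P<ret>0x[0-9a-fA-F]+|-?\d+|\?)'
    + r'(?:\s+(?P<errno>E[A-Z0-9]+)\s*\(.*\))?'
    + r'(?:\s+<[\d.]+>)?\s*$'
)
UNFINISHED_RE = re.compile(PID_PREFIX + r'(?P<name>[A-Za-z_]\w*)\((?P<args>.*?)\s*<unfinished \.\.\.>$')
RESUMED_RE = re.compile(PID_PREFIX + r'<\.\.\. (?P<name>[A-Za-z_]\w*) resumed>\s*(?P<rest>.*)$')

# Constructed sample trace (not a real capture), including a thread interleave.
SAMPLE = """\
execve("/bin/cat", ["cat", "/etc/passwd"], [/* 12 vars */]) = 0
open("/etc/passwd", O_RDONLY)           = 3
read(3, "root:x:0:0:root:/root:/bin/bash\\n"..., 4096) = 1024
open("/etc/shadow", O_RDONLY)           = -1 EACCES (Permission denied)
[pid  4242] read(4,  <unfinished ...>
[pid  4243] close(5)                    = 0
[pid  4242] <... read resumed> "x", 1)  = 1
exit_group(0)                           = ?
+++ exited with 0 +++
"""


@dataclass
class Syscall:
    pid: str                 # '' when strace was not run with -f
    name: str
    args: List[str]
    ret: str                 # decimal, hex, or '?' (calls that never return)
    errno: Optional[str] = None


def split_args(args: str) -> List[str]:
    """Split the argument text on top-level commas, respecting "strings"
    (with backslash escapes) and nested (), [] and {} aggregates."""
    out, buf, depth, in_str, escape = [], [], 0, False, False
    for ch in args:
        if in_str:
            buf.append(ch)
            if escape:
                escape = False
            elif ch == '\\':
                escape = True
            elif ch == '"':
                in_str = False
            continue
        if ch == ',' and depth == 0:
            out.append(''.join(buf).strip())
            buf = []
            continue
        if ch == '"':
            in_str = True
        elif ch in '([{':
            depth += 1
        elif ch in ')]}':
            depth -= 1
        buf.append(ch)
    tail = ''.join(buf).strip()
    if tail or out:
        out.append(tail)
    return out


def _pid(m) -> str:
    return m.group('pid1') or m.group('pid2') or ''


def parse_strace(text: str) -> List[Syscall]:
    """Parse strace lines into Syscall records, joining split calls."""
    pending: Dict[str, Tuple[str, str]] = {}   # pid -> (name, args seen so far)
    records: List[Syscall] = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = UNFINISHED_RE.match(line)
        if m:
            pending[_pid(m)] = (m.group('name'), m.group('args'))
            continue
        m = RESUMED_RE.match(line)
        if m:
            pid = _pid(m)
            start = pending.pop(pid, None)
            if start is None or start[0] != m.group('name'):
                continue                       # orphan resume: nothing to join it to
            prefix = f'[pid {pid}] ' if pid else ''
            line = f'{prefix}{start[0]}({start[1]} {m.group("rest")}'
        m = LINE_RE.match(line)
        if m is None:
            continue                           # signal delivery, exit status, etc.
        records.append(Syscall(_pid(m), m.group('name'), split_args(m.group('args')),
                               m.group('ret'), m.group('errno')))
    return records


def denials(records: List[Syscall]) -> List[Tuple[str, str, str]]:
    """(syscall, first argument, errno) for each failed call: a starting point
    for deciding which accesses a least-privilege policy must still allow."""
    return [(r.name, r.args[0] if r.args else '', r.errno or '')
            for r in records if r.ret == '-1']


def strace_to_tsv(text: str) -> str:
    """One row per call: pid, syscall, result, errno, then one column per argument.
    strace already escapes tabs inside strings as \\t, so fields contain no raw tabs."""
    rows = ['\t'.join(['pid', 'syscall', 'result', 'errno', 'args...'])]
    for r in parse_strace(text):
        rows.append('\t'.join([r.pid, r.name, r.ret, r.errno or ''] + r.args))
    return '\n'.join(rows) + '\n'


if __name__ == '__main__':
    # Usage: strace -f -o trace.txt cmd; python this_file.py < trace.txt
    source = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    sys.stdout.write(strace_to_tsv(source))
```

The join of `<unfinished ...>` and `<... resumed>` lines is keyed by pid, so a trace of several threads stays correct as long as each thread has at most one call in flight, which is how strace itself reports them. The example does not know about the context fields that polgen's -X option adds; a trace from that strace would need one extra field to be parsed per line.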
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009

National Security Agency / Central Security Service