[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] syscall filtering

From: Magnus Damm
Subject: [Qemu-devel] syscall filtering
Date: Tue, 23 Nov 2004 15:19:15 +0100


While Piotrek is thinking about securing the system emulator, I am more
interested in syscall filtering. I have not thought about it too much,
but the idea (if possible) would be to run qemu as a filter for certain
binaries on your machine. Basically, you run i386-user with filters on a
i386 machine.

fakeroot is nice, but is only working for dynamically linked binaries.
Using the qemu user emulator to filter syscalls would make it possible
to have a fakeroot that works for any binary. As long as the binary
doesn't try to do any root-activities in the kernel that is.

securing scripts:
Trojans hiding in configure-scripts, how fun is that? Remember?
By executing the configure script (and all children) in an environment
that detects and disables network activity I would feel safe(r).

/ magnus

reply via email to

[Prev in Thread] Current Thread [Next in Thread]