[ANNOUNCE] SUBTERFUGUE 0.2

[ANNOUNCE] SUBTERFUGUE 0.2

[Mike Coleman]

SUBTERFUGUE 0.2 is available.  It's been updated to work with the new 2.4
kernel and also includes a few other bug fixes and improvements.  It's
available in source or Debian package form.

As always, feedback is welcome.
--Mike


==============================================================================
README:

SUBTERFUGUE is a framework for observing and playing with the reality of
software; it's a foundation for building tools to do tracing, sandboxing, and
many other things.  You could think of it as "strace meets expect."

Here's a short (real) "screenshot" which hints at one of its possible uses:

    # sf --trick=SimplePathSandbox:"read=['/'];write=['/dev/tty']" bash
    # id
    uid=0(root) gid=0(root) groups=0(root)
    # rm -f /etc/passwd
    write deny (unlink): '/etc/passwd'
    rm: cannot unlink `/etc/passwd': Permission denied

[Translation: Run 'bash' in a sandbox (restricted environment) so that it and
all of the processes it creates can read all files (everything under '/') but
can only write '/dev/tty'.  All system calls that read or write to the
filesystem are checked, and the attempt to unlink '/etc/passwd' is
disallowed.]

Disclaimer: SUBTERFUGUE is still fairly alpha.  If you run it on a system that
matters and something breaks, you get to keep both pieces.  Especially avoid
programs where a loss of state might be disastrous (e.g., fetchmail).

See 'http://subterfugue.org' and the sf(1) man page for more info.  See the
file 'NEWS' in the distribution for info on the latest release.


==============================================================================
NEWS:

Version 0.2 ("tiger")

* Fixes to make SUBTERFUGUE work again with the 2.4 kernel.  (new system
  calls, slightly different wait behaviors, etc)

* Added 'now' and 'delta' flags to TimeWarp trick.  Experience the future and
  the past!

* New 'herekitty' script to amuse your cat!  (Dan Egnor's cool idea)

* FixFlash trick fixes a problem with the Macromedia Flash plugin that causes
  Netscape to hang when Flash tries to use /dev/dsp and it's in use.

* The TRACESYSGOOD patch is included in the kernel as of 2.4.0-test10, so
  revert to disabling the "wait channel hack" by default.  (Only vanilla
  2.3.99 through 2.4.0-test9 need it now.)

* Added '--nowall', which allows sf to run somewhat in a degenerate way under
  linux 2.2.

* Disable python '-O' flag by default, as it turns off assertion checking,
  which is still extremely useful at this point.