From: ramsdell@mitre.org (John D. Ramsdell)
To: selinux@tycho.nsa.gov
Subject: Re: polgen and strace
Date: 16 Nov 2004 08:43:30 -0500
Message-ID: <ogty8h16ha5.fsf@divan.mitre.org>
In-Reply-To: <87fz3ajhex.fsf@glaurung.internal.golden-gryphon.com>

Manoj Srivastava <manoj.srivastava@stdc.com> writes:

>         While poking around in polgen (in preparation for packaging
>  it for Debian), I noticed that it has the full set of sources for
>  strace!

The strace that is part of polgen has been changed so that when one
specifies the -X option, it adds security context information to its
output.  This added output is essential to the analysis that follows.

Polgen 0.8 has a version of strace based on version 4.5.6.  Late last
week, I noticed Polgen's strace died a horrible death when tracing
Java programs.  I found out that the standard 4.5.6 release has the
same problem, but the version that comes with FC3 works.

I have a new version of SE Linux enhanced strace based on version
4.5.8 in my CVS repository, and this version allows us to analyze Java
programs.  Let me simply say, there is a lot going on in a Java VM!
People interested in policies that implement the principle of least
privileges have a lot to do.  A new polgen release that includes this
improvement is coming soon.

> 	Would polgen work with a vanilla strace? Are there plans for
> pushing strace changes upstream?

Polgen would not work with vanilla strace.  We have offered the
changes to the strace maintainers, but have not received a word one
way or the other as to their interest in supporting the -X option.  

> 	I might be able to get strace patched, though, if the patches
> were not too intrusive, but I was not able to find a canonical
> location for strace patches.

I can make up the patch, but I'm not sure it would help.

By the way, the polgen program strace2tsv transforms strace output
into tab separated values.  It should be useful to anyone analyzing
strace output with another program.  It works with vanilla strace too.
Polgen has a manual page for this program.

What does one do to package polgen for Debian?  Is there something I
can add to the polgen sources that would facilitate this process?  I
don't know much about Debian packaging, so hand holding is in order.

John

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Thread overview: 7+ messages
2004-11-16  9:02 polgen and strace Manoj Srivastava
2004-11-16 13:43 ` John D. Ramsdell [this message]
2004-11-17 17:43   ` Manoj Srivastava
2004-11-18 13:23     ` John D. Ramsdell
2004-11-18 19:11       ` Steve G
2004-11-18 20:41         ` John D. Ramsdell
2004-11-20 22:35           ` SELinux enhanced strace patch John D. Ramsdell
