From: Magnus Damm
Date: Tue, 23 Nov 2004 15:19:15 +0100
Subject: [Qemu-devel] syscall filtering
To: qemu-devel@nongnu.org
Message-Id: <1101219555.8458.28.camel@localhost>

Hello,

While Piotrek is thinking about securing the system emulator, I am more
interested in syscall filtering. I have not thought about it too much,
but the idea (if possible) would be to run qemu as a filter for certain
binaries on your machine. Basically, you run i386-user with filters on
an i386 machine.

fakeroot-replacement:
---------------------

fakeroot is nice, but is only working for dynamically linked binaries.
Using the qemu user emulator to filter syscalls would make it possible
to have a fakeroot that works for any binary. As long as the binary
doesn't try to do any root-activities in the kernel, that is.

securing scripts:
-----------------

Trojans hiding in configure-scripts, how fun is that? Remember?
http://www.mavetju.org/unix/openssh-trojan.php

By executing the configure script (and all children) in an environment
that detects and disables network activity I would feel safe(r).

/ magnus
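
An added example, not part of the original mail and not QEMU code: a sketch in C of the per-syscall decision such a filter would make for both use cases above, using i386 Linux syscall numbers. The `policy` and `verdict` types and `filter_syscall` are hypothetical names, and the socketcall argument block is assumed to be already copied out of guest memory.

```c
#include <errno.h>
#include <stdio.h>

/* i386 Linux syscall numbers for the calls this policy looks at. */
enum { NR_lchown = 16, NR_getuid = 24, NR_geteuid = 49, NR_fchown = 95,
       NR_socketcall = 102, NR_chown = 182, NR_lchown32 = 198,
       NR_getuid32 = 199, NR_geteuid32 = 201, NR_fchown32 = 207,
       NR_chown32 = 212 };
/* socketcall(2) sub-call number for socket(), and AF_UNIX. */
enum { SC_SOCKET = 1, FAM_UNIX = 1 };

/* Hypothetical types for this example; not QEMU structures. */
enum action { PASS_TO_HOST, RETURN_FAKE };
struct verdict { enum action act; long ret; };
struct policy { int fake_root; int no_network; };

/* Decide the fate of one guest syscall before it reaches the host kernel.
 * a[] holds the guest's syscall arguments. sock_args is the block that
 * socketcall's second argument points to, assumed already copied out of
 * guest memory (NULL if that copy failed). */
struct verdict filter_syscall(const struct policy *p, int nr,
                              const long *a, const long *sock_args)
{
    struct verdict v = { PASS_TO_HOST, 0 };
    if (p->fake_root) {
        switch (nr) {
        case NR_getuid: case NR_geteuid: case NR_getuid32: case NR_geteuid32:
        case NR_chown: case NR_lchown: case NR_fchown:
        case NR_chown32: case NR_lchown32: case NR_fchown32:
            v.act = RETURN_FAKE;   /* report uid 0 / chown success (both 0) */
            return v;
        }
    }
    /* On i386 every socket operation is multiplexed through socketcall.
     * Gate socket creation: allow AF_UNIX, refuse the rest, fail closed. */
    if (p->no_network && nr == NR_socketcall && a[0] == SC_SOCKET &&
        (!sock_args || sock_args[0] != FAM_UNIX)) {
        v.act = RETURN_FAKE;
        v.ret = -EACCES;
    }
    return v;
}

int main(void)
{
    struct policy p = { 1, 1 };
    /* Constructed sample input: socket(AF_INET, SOCK_STREAM, 0). */
    long a[6] = { SC_SOCKET }, inet[3] = { 2, 1, 0 };
    struct verdict v = filter_syscall(&p, NR_socketcall, a, inet);
    printf("socket(AF_INET): act=%d ret=%ld\n", v.act, v.ret);
    return 0;
}
```

A filter like this only covers the children mentioned in the mail if `execve` is also kept inside the emulator, since otherwise the new program runs natively and unfiltered.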