OpenBSD hardening


Systrace (7/10) - esempi di policy 

OpenBSD viene rilasciata con "usr_sbin_lpd" e "usr_sbin_named" (/etc/systrace)

bin_ls

                Policy: /bin/ls, Emulation: native
                           native-munmap: permit
                [...]
                           native-stat: permit
                           native-fsread: filename match "/usr/*" then permit
                           native-fsread: filename eq "/tmp" then permit
                           native-fsread: filename eq "/etc" then deny[enotdir]
                           native-fchdir: permit
                           native-fstat: permit
                           native-fcntl: permit
                [...]
                           native-close: permit
                           native-write: permit
                           native-exit: permit