OpenBSD hardening


Systrace (8/10) - privilege elevation 

eliminare la necessita' di avere binari "suid" e "sgid"

le applicazioni sono eseguite senza privilegi e sono elevate solo quando richieste 

                 native-socket: sockdom eq "AF_INET" and socktype eq "SOCK_RAW" then permit as root
                 native-bind: sockaddr eq "inet-[0.0.0.0]:22" then permit as root
                 native-fsread: filename eq "/dev/kmem" then permit as :kmem