Joachim Schipper wrote:
You should probably do a Google search on systrace before continuing further down this road. In particular, I believe the issue highlighted by Robert Watson has not been fixed yet (although I could be wrong, and would be happy to be wrong in this case).
The white paper for the systrace vulnerability was a little bit beyond me; what's the impact of the issue? Is a system running systrace *more* vulnerable than a normal system, or is the problem just that a determined user can circumvent systrace (like the bottom of systrace(1) suggests)? If it's the latter, it seems like it'd still be useful for policy enforcement to some extent.
