Systrace

This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these messages) This article includes a list of general references, but it lacks sufficient corresponding inline citations. Please help to improve this article by introducing more precise citations. (May 2014) (Learn how and when to remove this message) This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "Systrace" – news · newspapers · books · scholar · JSTOR (May 2014) (Learn how and when to remove this message) (Learn how and when to remove this message)

Systrace

Original author(s)	Niels Provos
Stable release	1.6g / March 15, 2009; 15 years ago (2009-03-15)
Operating system	Unix-like
Type	Computer security
License	BSD-like
Website	www.citi.umich.edu/u/provos/systrace/

Systrace is a computer security utility which limits an application's access to the system by enforcing access policies for system calls. This can mitigate the effects of buffer overflows and other security vulnerabilities. It was developed by Niels Provos and runs on various Unix-like operating systems.

Systrace is particularly useful when running untrusted or binary-only applications and provides facilities for privilege elevation on a system call basis, helping to eliminate the need for potentially dangerous setuid programs. It also includes interactive and automatic policy generation features, to assist in the creation of a base policy for an application.

Systrace used to be integrated into OpenBSD, but was removed in April 2016^[1][2] (in favour of pledge post OpenBSD 5.9^[3][4]). It is available for Linux and Mac OS X, although the OS X port is currently unmaintained. It was removed from NetBSD at the end of 2007 due to several unfixed implementation issues. As of version 1.6f Systrace supports 64-bit Linux 2.6.1 via kernel patch.