From owner-freebsd-arch@FreeBSD.ORG Tue Apr 6 13:51:33 2010 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 09EAB1065676 for ; Tue, 6 Apr 2010 13:51:33 +0000 (UTC) (envelope-from alexanderchuranov@gmail.com) Received: from mail-gx0-f211.google.com (mail-gx0-f211.google.com [209.85.217.211]) by mx1.freebsd.org (Postfix) with ESMTP id B98638FC1E for ; Tue, 6 Apr 2010 13:51:32 +0000 (UTC) Received: by gxk3 with SMTP id 3so3730369gxk.13 for ; Tue, 06 Apr 2010 06:51:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:received:message-id :subject:from:to:content-type; bh=z7cZJRL/FAoxT8Ia+XwypOPlVY45oxZFSyPV90fLR88=; b=EFYmxrnjGRvy8pZzd3LlxAPM6vYxhq74QrCD/vAxjry179s1alD715epGuLqXhX90q sbYMZ9ry7AOLyc7Nu5Q4ANB1m8JFXYIKjCh6Hu5UOXiHDcd64/wKwRHJ7e3LHYftjUWk bqyw9pCqGmhpv13W4E95xJqCrIyyHxQ9czNx0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=KUF1Ez4B2iNHTgJuz90gnzHBGqv2kFvpqfR1oDuZGXXHkT+IBRgc3wyh0yl9PKntMv 1j3p3hcswjFx3pD/wMZKMpMf68dAX0YzWmcmwzWO3XtmpHkUAwN1Ggz+4aEMcC5O7s/1 rnLP0Z8KtxHrcDnX71mz4n0+T6GhYGZVyjzpA= MIME-Version: 1.0 Received: by 10.90.119.15 with HTTP; Tue, 6 Apr 2010 06:27:29 -0700 (PDT) Date: Tue, 6 Apr 2010 17:27:29 +0400 Received: by 10.91.65.19 with SMTP id s19mr2185929agk.34.1270560450165; Tue, 06 Apr 2010 06:27:30 -0700 (PDT) Message-ID: From: Alexander Churanov To: freebsd-arch@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: New "scallhook" feature. Is is OK to create a proposal? X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Apr 2010 13:51:33 -0000 Folks, My friend, Vladislav Soldatov, and I are going to propose and implement a new "scallhook" feature: the generic modular solution to monitoring, filtering and translating system calls. The feature differs from OpenBSD systrace: it is much more general, going to be modular and have strong foundation for security application. The project includes implementing the kernel-side code, the userland configuration utility, some of most required filtering/translating modules as well as a new handbook (otherbooks) section on configuration and extending, plus articles on the web. The future additions to the project may be a system for sandboxing application every time it is started and an extension to ports system which would automatically sandbox application when it is being installed. About me: I am software engineer, currently working in Cisco Systems, specializing in C/C++/UNIX. My additional interests are software quality and security. I am a port maintainer for devel/boost-* and was participating in extending syscons driver, until the project was superseded by syscons rewrite by Ed Schouten. About Vladislav: Vladislav is a PhD of computer science, has experience with developing in C and C++ for FreeBSD. Before writing the full proposal on the wiki, I'd like to receive the first approval. What do you think of this? Will be the feature accepted? Alexander Churanov