Subject: Re: systrace features?
To: None <tech-security@netbsd.org>
From: Charles Blundell <cb@netbsd.org>
List: tech-security
Date: 09/30/2003 08:26:40
on Mon, Sep 29, 2003 at 12:32:50PM -0400, Niels Provos wrote:
> Fault injection to test error handling is very useful. However,
> I do not think that it should be part of systrace proper. Currently,
> systrace already allows you to specify a separate frontend. In the
> past, I have written simple shell scripts to introduce random faults
> in system calls using Systrace. Just do something like
>
> systrace -g ./faultinjectionwrapper cat /etc/myname
Cunning. Ok. Scratch -r in systrace.
> > Terminating a process when a system call not in its policy is
> > attempted (only for unsupervised processes.) May help with policy
> > probing attacks, and the problem noted above with kill.
>
> That may be useful. A kill action by itself may be good, too.
Okiedokie. The patch included some modifications which would make a kill
action easier too. I'll do this when I have a bit more time.
Thanks.