> I guess the question is: how many people actually use systrace in
> scripts? Probably very very few.

I use it in scripts but will look to switching to pledge when I
have time, which I *should* be able to find in the next 6 months, haha.
It is however sometimes insightful as a quick and dirty debugging tool.

Unfortunately, systrace overhead can be significant for monitoring
complex programs, but it could potentially be useful as a part of a
(HIPS or system intrusion or malfunction detection for a secure
server). Hmmm, assuming pledge doesn't kill the offending process first,
haha.

I guess pledging /bin/sh may throw up challenges too, though I see many
pledges in csh? And so is systrace useful there?

-- 

KISSIS - Keep It Simple So It's Securable
