First page Back Continue Last page Summary Graphics
Wrapper for deceptions
Based on UID, PID, what run, state, etc.
- Alter capabilities of processes
- Run altered programs (e.g., non-setUID)
- Set UID for exec'ed process
- chroot to altered environment
- Refuse access (phony error return)
Rule-based interface version
General purpose (lisp) version
Drop-in user-defined version
Notes: