santa/docs/known-limitations.md at 2024.6

mirror of https://github.com/google/santa.git synced 2026-01-15 01:08:12 -05:00

Files

Matt W e8b7fdff64 Modernize docs (Round 1) (#1363 )

* WIP Major modernization effort for many of the Santa docs

* Update IPC concept doc and diagram

* WIP - Apply suggestions from code review

Only some of the comments are included in this first commit.

Co-authored-by: Kathryn May <44557882+kathancox@users.noreply.github.com>
Co-authored-by: Russell Hancox <russellhancox@users.noreply.github.com>

* WIP - Part 2 - Apply suggestions from code review

Adding some more suggestions. Still more to go through.

Co-authored-by: Kathryn May <44557882+kathancox@users.noreply.github.com>
Co-authored-by: Russell Hancox <russellhancox@users.noreply.github.com>

* WIP Adding more PR suggestions

* WIP - Apply suggestions from code review

More commits from reviewers

Co-authored-by: Kathryn May <44557882+kathancox@users.noreply.github.com>
Co-authored-by: Russell Hancox <russellhancox@users.noreply.github.com>
Co-authored-by: Pete Markowsky <pmarkowsky@users.noreply.github.com>

* WIP - Apply suggestions from code review

More PR suggestions

Co-authored-by: Pete Markowsky <pmarkowsky@users.noreply.github.com>
Co-authored-by: Kathryn May <44557882+kathancox@users.noreply.github.com>

* WIP addressed more PR feedback

* WIP - More PR feedback

* WIP - More PR feedback on bundle identification. Link updates

* WIP - Clarify bundle events

* WIP - clarify how to request bundle binary events

* Update santad setup tasks

* Fix doc link

* Update docs/binaries/santa-gui.md

Co-authored-by: Pete Markowsky <pmarkowsky@users.noreply.github.com>

---------

Co-authored-by: Kathryn May <44557882+kathancox@users.noreply.github.com>
Co-authored-by: Russell Hancox <russellhancox@users.noreply.github.com>
Co-authored-by: Pete Markowsky <pmarkowsky@users.noreply.github.com>

2024-06-07 10:17:07 -04:00

1.1 KiB

Raw Permalink Blame History

title, nav_order

title	nav_order
Known Limitations	7

Known limitations

Santa only blocks execution (execve and variants); it doesn't protect against dynamic libraries loaded with dlopen, libraries on disk that have been replaced, or libraries loaded using DYLD_INSERT_LIBRARIES.
Scripts: Santa is written to ignore any execution that isn't a binary. After weighing the administrative cost versus the benefit, we found it wasn't worthwhile to manage the execution of scripts. Additionally, several applications make use of temporary scripts, and blocking these could cause problems. We're happy to revisit this (or at least make it an option) if it would be useful to others.
USB Mass Storage Blocking: Santa's USB Mass Storage blocking feature only stops incidental data exfiltration. It is not meant as a hard control. It cannot block:
- Directly writing to an unmounted, but attached device
Metrics reported by Santa are not currently in a format that is friendly to open source solutions (Issue #563)

1.1 KiB Raw Permalink Blame History

Known limitations

1.1 KiB

Raw Permalink Blame History