On 19.03.2009 at 16:11, Thor Lancelot Simon wrote:
> To use systrace, you need root.
Nope. You can perfectly run it as a user. It looks in ~/.systrace for systrace files first and then in /etc/systrace. Works just fine. No root involved at all!
> Worse, systrace can (and did!) create security holes where it gives away root privileges to malicious applications that know how to exploit systrace.
There is no systrace running as root, thus nobody can gain root through it.
> The problem is where the systrace syscall argument handling code was implemented: other threads of control in user processes could simply overwrite its input or output. Nobody stepped up to fundamentally rewrite systrace to eliminate this very basic problem, which actually _created_ new security holes instead of eliminating existing ones -- so systrace was removed, basically as a security measure. It's a volunteer project, and I don't see anyone stepping up as a volunteer to take on this rather large piece of work.
Erm, if a user can already override it, it means he got access somewhere else - so there's no point in even exploiting systrace, as it's not running as root anyway. You would gain access to the same user again.
-- Jonathan
Attachment:
PGP.sig
Description: Signed part of the message
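The argument-handling problem Thor describes is a check-versus-use race: an interposer that validates a syscall argument while it still lives in the monitored process's memory can be outrun by another thread of that process, which rewrites the buffer after the check but before the kernel reads it. The C program below is an added illustration written for this thread; it is not systrace code and contains no systrace internals. It models the race deterministically (the "other thread" is a callback invoked between check and use) and shows the mitigation a sandboxing monitor needs: copy the argument into private memory once, validate the copy, and hand that same copy on to the kernel. The policy, paths and struct layout are constructed for the example.

```c
/* Added example (not systrace code): why a syscall-argument interposer must
 * validate a private copy of the arguments rather than the process's own
 * memory. The competing thread is simulated by a callback so the outcome is
 * deterministic and testable. */
#include <stdio.h>
#include <string.h>

#define PATH_MAX_SIM 64

/* Simulated user-process memory holding the path argument of an open(2). */
struct user_args {
    char path[PATH_MAX_SIM];
};

/* Toy policy (constructed): only paths under /tmp/ are permitted. */
static int policy_allows(const char *path) {
    return strncmp(path, "/tmp/", 5) == 0;
}

/* Stand-in for a second thread of the monitored process that writes to the
 * argument buffer while the monitor sits between its check and its use. */
typedef void (*racer_fn)(struct user_args *ua);

static void rewrite_path(struct user_args *ua) {
    strcpy(ua->path, "/etc/forbidden");   /* constructed out-of-policy path */
}

/* Racy interposer: checks the live buffer, then the "kernel" re-reads it.
 * Returns 1 if the operation went through, 0 if denied; on success *used
 * receives the path the kernel actually operated on. */
static int racy_monitor(struct user_args *ua, racer_fn racer, char *used, size_t n) {
    if (!policy_allows(ua->path))        /* check: reads shared memory */
        return 0;
    if (racer) racer(ua);                /* other thread runs here */
    strncpy(used, ua->path, n);          /* use: re-reads shared memory */
    used[n - 1] = '\0';
    return 1;
}

/* Hardened interposer: snapshot the argument once, validate the snapshot,
 * and pass the snapshot (never the live buffer) on to the kernel. */
static int snapshot_monitor(struct user_args *ua, racer_fn racer, char *used, size_t n) {
    char copy[PATH_MAX_SIM];
    strncpy(copy, ua->path, sizeof copy);
    copy[sizeof copy - 1] = '\0';
    if (!policy_allows(copy))
        return 0;
    if (racer) racer(ua);                /* the rewrite no longer matters */
    strncpy(used, copy, n);
    used[n - 1] = '\0';
    return 1;
}

/* Self-checks used by main() and by tests. Each returns 1 when the scenario
 * behaves as described in the comments above. */
static int racy_monitor_leaks(void) {
    struct user_args ua; char used[PATH_MAX_SIM];
    strcpy(ua.path, "/tmp/ok.txt");
    /* The check passed on /tmp/ok.txt but the kernel used /etc/forbidden. */
    return racy_monitor(&ua, rewrite_path, used, sizeof used) && !policy_allows(used);
}

static int snapshot_monitor_holds(void) {
    struct user_args ua; char used[PATH_MAX_SIM];
    strcpy(ua.path, "/tmp/ok.txt");
    /* The kernel only ever sees the path that was validated. */
    return snapshot_monitor(&ua, rewrite_path, used, sizeof used) && policy_allows(used);
}

static int forbidden_path_denied(void) {
    struct user_args ua; char used[PATH_MAX_SIM];
    strcpy(ua.path, "/etc/forbidden");
    /* Both monitors deny an out-of-policy path presented up front. */
    return !racy_monitor(&ua, NULL, used, sizeof used)
        && !snapshot_monitor(&ua, NULL, used, sizeof used);
}

int main(void) {
    printf("racy monitor let an out-of-policy path through: %s\n",
           racy_monitor_leaks() ? "yes" : "no");
    printf("snapshot monitor used only the validated path:   %s\n",
           snapshot_monitor_holds() ? "yes" : "no");
    printf("out-of-policy path denied by both:               %s\n",
           forbidden_path_denied() ? "yes" : "no");
    return 0;
}
```

The point carried over from the thread: the race does not depend on the monitor's privilege level. Whether the monitor runs as root or as the same user, a policy that reads the monitored process's memory twice is enforcing nothing between those two reads, so the fix has to be structural (validate and use one private copy), not a matter of who runs the monitor.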