On 19.03.2009 at 19:41, Thor Lancelot Simon wrote:
I'm not sure what you're getting at here. Systrace runs in the kernel. Bugs in systrace can unquestionably give processes root privileges when they should not have them.
That would mean that there is a buffer overflow somewhere in the kernel where you can inject code. AFAIK, the security problem was not a buffer overflow in systrace, but that under certain circumstances it was possible to break out of the systrace using timing attacks and subprocesses. As I'm not running it as root, there's no way to get root that way.
I'm not sure what you mean here, but I cannot see how it matters. The code had a severe design problem with both system stability and security implications, nobody was willing to fix it, and the code was removed. If you want it put back, you probably need to fix it first, at the very least.
It worked just fine if you had it running as user. The problem you mentioned before doesn't apply to a systrace running as a user (if you got access to the user who's running systrace, why would you even bother to exploit systrace then? You're in already!), so it _WAS_ useful.