Re: systrace replacement

To: netbsd-users%netbsd.org@localhost
Subject: Re: systrace replacement
From: christos%astron.com@localhost (Christos Zoulas)
Date: Thu, 26 Mar 2009 15:58:12 +0000 (UTC)

In article <A1CC32CB-3DAE-4720-84BE-ECDCC7AD07C6%webkeks.org@localhost>,
Jonathan Schleifer  <js-netbsd-users%webkeks.org@localhost> wrote:
>-=-=-=-=-=-
>
>http://www.provos.org/index.php?/categories/2-Systrace&/archives/33-Local-Privilege-Escalation.html
>
>It seems the issue with gaining root was fixed already. So please, why  
>remove it if it works just fine if it's running as a non-root user? It  
>was really, really useful.
>
>Additionally, there was a thread on the OpenBSD ML in the last days  
>where systrace was recommended to someone. I used this chance to ask  
>if there were any fixes in OpenBSD that NetBSD is missing.

Because it provides a false sense of security like the apperture
driver for X.  If a security measure can be circumvented it is not
very useful. In this case it is trivial to use a multi-threaded
program to exploit TOCTOU, and circumvent systrace. It is even
documented in the original systrace paper. Until someone makes
changes so that the system call arguments are saved in kernel space
first before systrace inspection as the paper suggests, it is not
very useful.

christos

Follow-Ups:
- Re: systrace replacement
  - From: Jonathan Schleifer

References:
- systrace replacement
  - From: Jonathan Schleifer
- Re: systrace replacement
  - From: Jonathan Schleifer
- Re: systrace replacement
  - From: Christos Zoulas
- Re: systrace replacement
  - From: Jonathan Schleifer

Prev by Date: Re: systrace replacement
Next by Date: Re: Official CDs maybe?
Previous by Thread: Re: systrace replacement
Next by Thread: Re: systrace replacement
Indexes:

Home | Main Index | Thread Index | Old Index