
University of Cambridge researcher Robert Watson has published a paper at the First USENIX Workshop on Offensive Technologies in which he describes serious vulnerabilities in OpenBSD's Systrace, Sudo, Sysjail, the TIS GSWTK framework, and CerbNG. The technique is also effective against many commercially available anti-virus systems. His slides include sample exploit code that bypasses access control, virtualization, and intrusion detection in under 20 lines of C consisting solely of memcpy() and fork().

Sysjail's developers have now withdrawn their software and recommend against any use, and NetBSD has disabled Systrace by default in its upcoming release.
This has been in the BUGS section of systrace for a while.
"BUGS
Applications that use clone()-like system calls to share the complete address space between processes may be able to replace system call arguments after they have been evaluated by systrace and escape policy enforcement."
This has never been something that is enabled by default, so I do not see how this can be a serious problem.
Watson has done some very interesting research though, and it's good somebody decided to really dive into it and see what the problems are. Kudos!
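As an added illustration (not code from Watson's paper or from any of the wrappers named above), the following C model shows the check-then-use window that the systrace BUGS note describes, next to a hardened wrapper that snapshots the argument before evaluating policy. The policy, the stand-in "kernel", the racer callback and the paths are all constructed for the demonstration.

```c
#include <string.h>
/* Toy model of a system-call wrapper's check-then-use window. Added
 * illustration only; the policy, "kernel" and racer are all constructed. */
#define ARG_LEN 64

/* Constructed policy: only paths under /tmp/ are permitted. */
static int policy_allows(const char *path)
{
    return strncmp(path, "/tmp/", 5) == 0;
}

/* Stand-in for the kernel acting on the argument it fetches; 1 = violates policy (bypass). */
static int kernel_uses(const char *path)
{
    return !policy_allows(path);
}

/* Models a thread or address-space-sharing process writing to the
 * argument buffer while the wrapper is still running. */
typedef void (*racer_fn)(char *shared_arg);

/* Vulnerable shape: check the argument in place, then let the kernel
 * fetch it again from the same caller-controlled memory. */
int wrapper_check_in_place(char *shared_arg, racer_fn racer)
{
    if (!policy_allows(shared_arg))
        return -1;                  /* rejected by policy */
    racer(shared_arg);              /* race window: the argument changes */
    return kernel_uses(shared_arg); /* 1 = policy bypassed */
}

/* Hardened shape: copy the argument once into memory the caller cannot
 * reach, evaluate policy on the copy, and act on that same copy. */
int wrapper_copy_then_check(char *shared_arg, racer_fn racer)
{
    char private_copy[ARG_LEN];
    strncpy(private_copy, shared_arg, ARG_LEN - 1);
    private_copy[ARG_LEN - 1] = '\0';
    if (!policy_allows(private_copy))
        return -1;
    racer(shared_arg);              /* same interleaving, copy unaffected */
    return kernel_uses(private_copy);
}

/* Constructed racer: rewrites the argument after the policy check. */
void swap_path(char *shared_arg)
{
    strcpy(shared_arg, "/outside/policy");
}
```

The interleaving is forced by the callback rather than by real concurrency, so the outcome is deterministic: the in-place wrapper acts on a path it never approved, while the copying wrapper acts only on what it checked.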