Linked by Thom Holwerda on Thu 9th Aug 2007 17:02 UTC, submitted by Joe User
Privacy, Security, Encryption
University of Cambridge researcher Robert Watson has published a paper at the First USENIX Workshop On Offensive Technology in which he describes serious vulnerabilities in OpenBSD's Systrace, Sudo, Sysjail, the TIS GSWTK framework, and CerbNG. The technique is also effective against many commercially available anti-virus systems. His slides include sample exploit code that bypasses access control, virtualization, and intrusion detection in under 20 lines of C code consisting solely of memcpy() and fork(). Sysjail has now withdrawn their software, recommending against any use, and NetBSD has disabled Systrace by default in their upcoming release.
not bad...
by dmitry on Thu 9th Aug 2007 17:55 UTC
dmitry Member since:
2006-01-16

Nice, and a serious slap in OpenBSD's face, hah Theo? ...

RE: not bad...
by systyrant on Thu 9th Aug 2007 18:05 in reply to "not bad..."
systyrant Member since:
2007-01-18

I wouldn't call it a serious slap. It may be a serious problem, but if you think you can do better then by all means... do better.

I have faith that the *BSD developers will sort it all out.

Score: 10

RE: not bad...
by Soulbender on Fri 10th Aug 2007 04:01 in reply to "not bad..."
Soulbender Member since:
2005-08-18

Not really, since Theo has always said systrace is problematic, which is, among other things, why it isn't used by default. If systrace is your only line of defense, well, then you get what you deserve.
But hey, don't let facts get in the way of a nice flamewar.

Score: 3