Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Security Operating Systems BSD

Cambridge Researcher Breaks OpenBSD Systrace 194

Posted by kdawson from the without-a-trace dept.
An anonymous reader writes "University of Cambridge researcher Robert Watson has published a paper at the First USENIX Workshop On Offensive Technology in which he describes serious vulnerabilities in OpenBSD's Systrace, Sudo, Sysjail, the TIS GSWTK framework, and CerbNG. The technique is also effective against many commercially available anti-virus systems. His slides include sample exploit code that bypasses access control, virtualization, and intrusion detection in under 20 lines of C code consisting solely of memcpy() and fork(). Sysjail has now withdrawn their software, recommending against any use, and NetBSD has disabled Systrace by default in their upcoming release."
This discussion has been archived. No new comments can be posted.

Cambridge Researcher Breaks OpenBSD Systrace More

Cambridge Researcher Breaks OpenBSD Systrace

Comments Filter:

  • Re:Brace for impact... (Score:1, Interesting)

    by Anonymous Coward on Thursday August 09, 2007 @11:12AM (#20170093)
    De Raadt doesn't do Rampages, he only does games available via console, like Tetris, Hunt and Hangman.

    He also doesn't get upset about problems being found in software, like any sane person, he's more afraid of the problems he's not finding out about.

  • Re:Why??? (Score:5, Interesting)

    by orclevegam ( 940336 ) on Thursday August 09, 2007 @11:18AM (#20170169) Journal

    Why is everyone so hell bent on BREAKING things? Can't we all just try to get along for an instant?

    Because the fastest way to learn about something is to break it. Why do you think physicists spend all that time and money on particle accelerators?

  • Re:Article? (Score:1, Interesting)

    by Anonymous Coward on Thursday August 09, 2007 @11:26AM (#20170295)
    By the way, what has happened to the slashdot effect? Not so long ago the first thing I did when reading about something on slashdot was finding a coral or google cache link to the actual article on the comments section. Nowadays - and I haven't really even thought about it - the articles usually just work. Are the webservers better now, or has the power of slashdot effect declined?

    Or have I just been lucky?

  • Re:Linux? (Score:4, Interesting)

    by Hawke ( 1719 ) <kilpatds@oppositelock.org> on Thursday August 09, 2007 @01:36PM (#20172183) Homepage Journal
    The presentation covers it pretty well. At least the GSWTK attack.

    (It's a straight forward time-of-use vs. time-of-check attack. And we were at least partially aware of it when we wrote GSWTK. The problem is that the original system calls require memory in the processes space, so you can't just copy in the string after you validate it to keep the process from changing it. I wrote some methods for Linux that allocated extra pages in the processes memory space so we could copy in the string, but that just makes the attack harder via obscurity. It doesn't address the fundamental issue at all.)

Slashdot Top Deals

And it should be the law: If you use the word `paradigm' without knowing what the dictionary says it means, you go to jail. No exceptions. -- David Jones

Close