Cambridge Researcher Breaks OpenBSD Systrace
An anonymous reader writes "University of Cambridge researcher Robert Watson has published a paper at the First USENIX Workshop On Offensive Technology in which he describes serious vulnerabilities in OpenBSD's Systrace, Sudo, Sysjail, the TIS GSWTK framework, and CerbNG. The technique is also effective against many commercially available anti-virus systems. His slides include sample exploit code that bypasses access control, virtualization, and intrusion detection in under 20 lines of C code consisting solely of memcpy() and fork(). Sysjail has now withdrawn their software, recommending against any use, and NetBSD has disabled Systrace by default in their upcoming release."
I didn't know they could BOTH shout that loud.
Isn't it well known that you should not validate some data that the user might still be able to modify? That's security 101.
What's the problem with copying parameters to some memory space that the user can't reach, like the system heap? Surely moving a few bytes isn't going to be a big performance hit, compared to the time it takes to validate parameters.
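The difference between validating an argument in place and copying it first, as an added example that is not part of the original thread or of Watson's paper. The policy, the function names, the fixed buffer size and the sample paths are assumptions made for this sketch, and the concurrent writer is simulated by a direct call so the outcome is deterministic.

```c
#include <stdio.h>
#include <string.h>

#define ARG_LEN 64  /* assumed fixed size of the caller-owned argument buffer */

/* Hypothetical policy for this sketch: only paths under /tmp/ are allowed. */
static int policy_allows(const char *path) {
    return strncmp(path, "/tmp/", 5) == 0;
}

/* Stands in for another thread or process writing to the caller-owned
 * buffer after the check has passed. Constructed sample value. */
static void concurrent_writer(char *user_buf) {
    strcpy(user_buf, "/etc/passwd");
}

/* Validates the argument where it lives, then fetches it again for use. */
int check_in_place(char *user_buf, char *used, size_t n) {
    if (!policy_allows(user_buf))
        return -1;
    concurrent_writer(user_buf);         /* window between check and use */
    snprintf(used, n, "%s", user_buf);   /* second fetch sees new contents */
    return 0;
}

/* Fetches the argument once into private memory; check and use share it. */
int copy_then_check(char *user_buf, char *used, size_t n) {
    char priv[ARG_LEN];
    memcpy(priv, user_buf, sizeof priv);          /* single fetch */
    if (memchr(priv, '\0', sizeof priv) == NULL)  /* reject unterminated input */
        return -1;
    if (!policy_allows(priv))
        return -1;
    concurrent_writer(user_buf);         /* later writes no longer matter */
    snprintf(used, n, "%s", priv);
    return 0;
}

int main(void) {
    char a[ARG_LEN] = "/tmp/report.txt", b[ARG_LEN] = "/tmp/report.txt";
    char used[ARG_LEN];
    check_in_place(a, used, sizeof used);
    printf("in place:        %s\n", used);
    copy_then_check(b, used, sizeof used);
    printf("copy then check: %s\n", used);
    return 0;
}
```

The copy only closes the window when the code that performs the operation consumes that same private copy; a wrapper that validates its own copy while the kernel later re-reads the caller's memory is still checking something other than what gets used.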