Re: hardening BSD (was systrace/stsh policies)

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: <misc@...>

Subject: Re: hardening BSD (was systrace/stsh policies)

Date: Monday, October 15, 2007 - 2:32 am

Robert Watson's paper discusses concurrency vulnerabilities. Impact
include policy bypass and audit trail invalidation. A bypass means it
is useless. That pretty much hammered in the last nail on the coffin
for security tools based on system call interposition.

On 10/15/07, Steve Shockley wrote:

quoted text

> Joachim Schipper wrote:
> > You should probably do a Google search on systrace before continuing
> > further down this road. In particular, I believe the issue highlighted
> > by Robert Watson has not been fixed yet (although I could be wrong, and
> > would be happy to be wrong in this case).
>
> The white paper for the systrace vulnerability was a little bit beyond
> me; what's the impact of the issue? Is a system running systrace *more*
> vulnerable than a normal system, or is the problem just that a
> determined user can circumvent systrace (like the bottom of systrace(1)
> suggests)? If it's the latter, it seems like it'd still be useful for
> policy enforcement to some extent.

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

systrace/stsh policies, Xavier Mertens, (Thu Oct 11, 2:54 pm)

Re: systrace/stsh policies, Joachim Schipper, (Thu Oct 11, 6:05 pm)

hardening BSD (was systrace/stsh policies), Aaron, (Sun Oct 14, 4:27 pm)

Re: hardening BSD (was systrace/stsh policies), Aaron, (Mon Oct 15, 10:30 pm)

Re: hardening BSD (was systrace/stsh policies), Joachim Schipper, (Wed Oct 17, 3:15 pm)

Re: hardening BSD (was systrace/stsh policies) , Theo de Raadt, (Wed Oct 17, 3:28 pm)

Re: hardening BSD (was systrace/stsh policies), Joachim Schipper, (Mon Oct 15, 4:10 pm)

Re: hardening BSD (was systrace/stsh policies), Francesco Toscan, (Mon Oct 15, 2:31 am)

Re: hardening BSD (was systrace/stsh policies), Steve Shockley, (Sun Oct 14, 11:40 pm)

Re: hardening BSD (was systrace/stsh policies), Ted Unangst, (Mon Oct 15, 1:54 pm)

Re: hardening BSD (was systrace/stsh policies), Eduardo Tongson, (Mon Oct 15, 2:32 am)

Re: hardening BSD (was systrace/stsh policies), Janne Johansson, (Mon Oct 15, 11:46 am)

Re: hardening BSD (was systrace/stsh policies), Nick Guenther, (Mon Oct 15, 11:37 am)

Re: hardening BSD (was systrace/stsh policies), Darren Spruell, (Sun Oct 14, 5:07 pm)


linux-kernel:
Greg Kroah-Hartman	[PATCH 005/196] Chinese: add translation of SubmittingDrivers
Nick Piggin	[patch] my mmu notifier sample driver
Sean	Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching
Arjan van de Ven	[Patch v2] Make PCI extended config space (MMCONFIG) a driver opt-in
git:

linux-netdev:
Antonio Almeida	HTB accuracy for high speed
Gerrit Renker	[PATCH 0/37] dccp: Feature negotiation - last call for comments
Jens Axboe	Re: [BUG] New Kernel Bugs
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
openbsd-misc:

Re: hardening BSD (was systrace/stsh policies)

Online users