Robert Watson's paper discusses concurrency vulnerabilities. Impacts include policy bypass and audit trail invalidation. A bypass means it is useless. That pretty much hammered in the last nail in the coffin for security tools based on system call interposition.
On 10/15/07, Steve Shockley <[EMAIL PROTECTED]> wrote:
> Joachim Schipper wrote:
> > You should probably do a Google search on systrace before continuing
> > further down this road. In particular, I believe the issue highlighted
> > by Robert Watson has not been fixed yet (although I could be wrong, and
> > would be happy to be wrong in this case).
>
> The white paper for the systrace vulnerability was a little bit beyond
> me; what's the impact of the issue? Is a system running systrace *more*
> vulnerable than a normal system, or is the problem just that a
> determined user can circumvent systrace (like the bottom of systrace(1)
> suggests)? If it's the latter, it seems like it'd still be useful for
> policy enforcement to some extent.