> > I guess you should take a look at Systrace:
> > http://en.wikipedia.org/wiki/Systrace
>
> This was removed from NetBSD some time ago because it is vulnerable.  
> They said it's not only possible to circumvent it, but also gain root  
> using it. Is this fixed in OpenBSD somehow?

They freaked out and did the wrong thing.

systrace has a small problem.  It is a very difficult problem to fix
because the kernel system call argument fetching is spread so
widely.  This problem has been documented since the beginning:

BUGS
     Applications that use clone()-like system calls to share the complete
     address space between processes may be able to replace system call
     arguments after they have been evaluated by systrace and escape policy
     enforcement.

That said, this is not enough reason to entirely delete the code.  It
still has uses.  With the other address space security changes we have
made, the risks from this are substantially mitigated.  You also cannot
"gain root" except in extremely well crafted situations which are not
real; systrace does have the ability to "grant root" unless you build
the policy specifically to do such a stupid thing (actually, I am not
certain if our systrace, the original, ever had that deluded ability
of escalation; I think it was added by netbsd).

So a project that does zero about real security issues overreacted --
probably because the code had originally come from here.  Typical.
One can only hope that some issue comes up in openssh, and that they
then delete openssh, too.
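The BUGS entry quoted above describes a double-fetch race: the policy is evaluated on one read of the argument from the shared address space, and the kernel's real fetch happens later, so a sibling thread can swap the argument in between. The following is an added example, not code from systrace or from this thread; it simulates that window in user space with a deterministic stand-in for the sibling thread (names such as `user_path`, `policy_allows` and `sibling_rewrites` are constructed here) and contrasts the two-fetch monitor with one that snapshots the argument once and checks and uses only the copy.

```c
#include <stdio.h>
#include <string.h>

/* Constructed "user memory" holding a path argument shared by two threads. */
#define PATH_MAX_SIM 64
static char user_path[PATH_MAX_SIM];

/* Toy policy: only paths under /tmp/ are allowed. */
static int policy_allows(const char *path) {
    return strncmp(path, "/tmp/", 5) == 0;
}

/* Stands in for the sibling thread that rewrites the argument in the shared
 * address space between the monitor's check and the kernel's real fetch. */
static void sibling_rewrites(const char *newpath) {
    strncpy(user_path, newpath, PATH_MAX_SIM - 1);
    user_path[PATH_MAX_SIM - 1] = '\0';
}

/* Vulnerable monitor: the policy is evaluated on one fetch and the operation
 * is performed on a second fetch of the same user pointer. Returns the path
 * the operation actually used, or NULL if the policy denied it. */
static const char *open_checked_twice(const char *racing_path) {
    if (!policy_allows(user_path))   /* fetch #1: what the monitor sees */
        return NULL;
    sibling_rewrites(racing_path);   /* the window between check and use */
    return user_path;                /* fetch #2: what the kernel would use */
}

/* Hardened monitor: copy the argument once into private memory; both the
 * policy check and the operation use that single snapshot. */
static const char *open_snapshot(char *out, size_t outlen, const char *racing_path) {
    strncpy(out, user_path, outlen - 1);  /* the only fetch from user memory */
    out[outlen - 1] = '\0';
    if (!policy_allows(out))
        return NULL;
    sibling_rewrites(racing_path);        /* same window, now harmless */
    return out;
}

int main(void) {
    char snap[PATH_MAX_SIM];
    sibling_rewrites("/tmp/ok");
    printf("double fetch used: %s\n", open_checked_twice("/etc/secret"));
    sibling_rewrites("/tmp/ok");
    printf("snapshot used:     %s\n", open_snapshot(snap, sizeof snap, "/etc/secret"));
    return 0;
}
```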
