On 26.03.2009 at 16:12, Theo de Raadt wrote:
> They freaked out and did the wrong thing.

It was removed when I reported a bug in NETBSD-5-0 that would crash the
Kernel when you tried to use systrace. Instead of fixing that, they
removed it.

> systrace has a small problem. It is a very difficult problem to fix
> because of the kernel system call argument fetching is spread so
> widely. This problem was documented since the beginning:
>
> BUGS
>      Applications that use clone()-like system calls to share the complete
>      address space between processes may be able to replace system call
>      arguments after they have been evaluated by systrace and escape policy
>      enforcement.

This sounds really hard to exploit, indeed.

> That said, this is not enough reason to entirely delete the code. It
> still has uses. With the other address space security changes we have
> made, the risks from this are substantially mitigated. You also cannot
> "gain root" except in extremely well crafted situations which are not
> real; systrace does have the ability to "grant root" unless you build
> the policy specifically to do such a stupid thing (actually, I am not
> certain if our systrace, the original, ever had that deluded ability
> of escalation; I think it was added by netbsd).

I couldn't really believe that you can gain root when the application
you systrace isn't running as root. Thanks for clarifying that.

I'm talking about this thread btw:
http://mail-index.netbsd.org/netbsd-users/2009/03/19/msg003309.html

The "gaining root issue" was mentioned here:
http://mail-index.netbsd.org/netbsd-users/2009/03/18/msg003300.html
and here:
http://mail-index.netbsd.org/netbsd-users/2009/03/19/msg003313.html

> So a project that does zero about real security issues overreacted --
> probably because the code had originally come from here. Typical.
> One can only hope that some issue comes up in openssh, and that they
> then delete openssh, too.

Yes, that's definitely something I like about OpenBSD. You can't care
too much for security.
But unfortunately, OpenBSD has some issues on this machine :(.

--
Jonathan

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of PGP.sig]