According to Provos's blog,
http://www.provos.org/index.php?/archives/34-Evading-System-Sandbox-Containment.html

"The initial prototype of Systrace as described in the
paper <http://www.citi.umich.edu/u/provos/papers/systrace.pdf> avoided
this problem by using a look-aside buffer in the kernel. This
imposes a slight performance penalty but I hope that this obvious solution
is going to be included in the OpenBSD and NetBSD kernel soon."

But we have no idea whether this solution was included in the OpenBSD source
tree or not...


2009/7/14 Theo de Raadt <dera...@cvs.openbsd.org>

> > I've just been pondering,... were the systrace issues identified with in:
> >         http://it.slashdot.org/it/07/08/09/138224.shtml
> > ever dealt with and corrected?
>
> They were not identified there.  They were documented in the manual page
> right from the start.
>
> > If so where can I find some more info on the fixes made?
>
> No, it isn't fixed.
