I've been following this since yesterday, and apparently FreeBSD is not vulnerable to the concurrency flaw in syscall wrappers, unless TrustedBSD or CerbNG is in use. Those who don't use them can rest easy... now, those running Net/OpenBSD whose users have shell access should stay alert, because local exploits are bound to start popping up on the net at any moment...
Regards,
Nilson

On Fri, 2007-08-10 at 13:37 -0300, Marcelo Soares da Costa wrote:
> I presented, “Exploiting Concurrency Vulnerabilities in System Call
> Wrappers,” a paper on the topic of compromising system call
> interposition-based protection systems, such as COTS virus scanners,
> OpenBSD and NetBSD’s Systrace, the TIS Generic Software Wrappers Toolkit
> (GSWTK), and CerbNG. The key insight here is that the historic
> assumption of “atomicity” of system calls is fallacious, and that on both
> uniprocessor and multiprocessing systems, it is trivial to construct a
> race between system call wrappers and malicious user processes to bypass
> protections. I demonstrated sample exploit code against the Sysjail
> policy on Systrace, and IDwrappers on GSWTK, but the paper includes a
> more extensive discussion including vulnerabilities in sudo’s Systrace
> monitor mode. You can read the paper and see the presentation slides
> here. All affected vendors received at least six months, and in some
> cases many years advance notice regarding these vulnerabilities.
>
> The moral, for those unwilling to read the paper, is that system call
> wrappers are a bad idea, unless of course, you’re willing to rewrite the
> OS to be message-passing. Systems like the TrustedBSD MAC Framework on
> FreeBSD and Mac OS X Leopard, Linux Security Modules (LSM), Apple’s (and
> now also NetBSD’s) kauth(9), and other tightly integrated kernel
> security frameworks offer specific solutions to these concurrency
> problems. There’s plenty more to be done in that area.
>
> Reference
>
> http://www.lightbluetouchpaper.org/2007/08/06/usenix-woot07-exploiting-concurrency-vulnerabilities-in-system-call-wrappers-and-the-evil-genius/
>
> -------------------------
> Archive: http://www.fug.com.br/historico/html/freebsd/
> Leave the list: https://www.fug.com.br/mailman/listinfo/freebsd
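The bug class the quoted post describes, as an added illustration that is not part of this thread, the paper, or any of the named wrapper systems: a simulated wrapper for an open()-style call checks a path argument where it lives in user memory, and the simulated kernel fetches that argument a second time afterwards. Because nothing makes the two reads atomic with respect to the other threads of the calling process, the value that is checked need not be the value that is used. The hardened variant copies the argument into wrapper-private memory exactly once and does both the check and the use on that copy. The policy (`/tmp/` only), the `between_fn` hook standing in for whatever runs in the window, and `demo_rewrite_arg` are all constructed for this example; a real wrapper would also have to handle pathname resolution races (symlinks, renames) that a single copy-in does not fix, which is part of why the post points at frameworks integrated inside the kernel.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARG_MAX_LEN 64

/* Constructed policy for the simulated wrapper: only paths below /tmp/
 * are permitted for the open()-like call being interposed. */
static bool policy_allows(const char *path)
{
    return strncmp(path, "/tmp/", 5) == 0;
}

/* Stands in for whatever another thread of the calling process does
 * while the wrapper is between its check and the kernel's own fetch
 * of the argument. NULL means nothing happens in the window. */
typedef void (*between_fn)(char *user_arg);

/* Hypothetical hook used by main(): a second thread of the same
 * process overwrites the argument buffer during the window. */
void demo_rewrite_arg(char *user_arg)
{
    snprintf(user_arg, ARG_MAX_LEN, "%s", "/etc/example");
}

/* Vulnerable pattern (double fetch): the wrapper inspects the argument
 * in user memory, and the kernel later copies it in again. Returns the
 * path the kernel would actually act on, or NULL if the wrapper denied
 * the call. */
const char *wrapper_double_fetch(char *user_arg, between_fn between,
                                 char *kernel_buf, size_t buflen)
{
    if (!policy_allows(user_arg))                  /* 1st fetch: check */
        return NULL;
    if (between)                                   /* the race window */
        between(user_arg);
    snprintf(kernel_buf, buflen, "%s", user_arg);  /* 2nd fetch: use */
    return kernel_buf;
}

/* Hardened pattern (single copy-in): fetch the argument from user
 * memory once into a buffer the user process cannot reach, check that
 * copy, and have the kernel act on the same copy. What was checked is
 * what gets used, whatever happens to user memory in the window. */
const char *wrapper_copy_once(char *user_arg, between_fn between,
                              char *kernel_buf, size_t buflen)
{
    snprintf(kernel_buf, buflen, "%s", user_arg);  /* the only fetch */
    if (!policy_allows(kernel_buf))
        return NULL;
    if (between)                                   /* same window, no effect */
        between(user_arg);
    return kernel_buf;
}

int main(void)
{
    char user_arg[ARG_MAX_LEN];
    char kbuf[ARG_MAX_LEN];
    const char *used;

    snprintf(user_arg, sizeof user_arg, "%s", "/tmp/report");
    used = wrapper_double_fetch(user_arg, demo_rewrite_arg, kbuf, sizeof kbuf);
    printf("double fetch: checked /tmp/report, kernel used %s\n",
           used ? used : "(denied)");

    snprintf(user_arg, sizeof user_arg, "%s", "/tmp/report");
    used = wrapper_copy_once(user_arg, demo_rewrite_arg, kbuf, sizeof kbuf);
    printf("copy once   : checked /tmp/report, kernel used %s\n",
           used ? used : "(denied)");
    return 0;
}
```

The hook makes the window explicit so the outcome is deterministic; on a real system the same effect comes from scheduling, which is why the paper's point holds on uniprocessors as well as on SMP machines. Detecting this class in a review comes down to one question per argument: how many times is user memory read between the decision and the action?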

