Just to clarify, this advisory does not involve either of the two vulnerabilities that I discovered over a year ago now that still remain unpatched. The one bug is a local root on Linux, NetBSD, FreeBSD, OpenBSD, and Mac OS X, and any other OS systrace is ported to in the future. The other bug is a complete bypass of systrace's "security" on Linux.
Maybe keep looking Stefan ;) If you can find them, I'll release my fulling working MENU-BASED exploit. Actually, I was quite upset at first that someone had killed my bug but then I read the advisory closer and realized it was a different local root, imagine that ;) It amazes me that Niels has known a local root vulnerability has existed in his code for over a year and yet he hasn't even bothered to audit his own code, but instead continues to promote it. http://monkey.org/openbsd/archive/misc/0304/msg01400.html "I am looking forward to his local root exploit for systrace." Sorry Niels, no such luck today :( It was close! -Brad _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
