[nycbug-talk] Cambridge Researcher Breaks OpenBSD Systrace

Charles Sprickman spork at bway.net
Thu Aug 9 19:03:02 EDT 2007


On Thu, 9 Aug 2007, Miles Nordin wrote:

> I find it a bit disgusting that he understood the issues in 2002 but
> is only now five years later turning them into a security crisis.
>
> http://docs.freebsd.org/cgi/getmsg.cgi?fetch=493173+0+archive/2002/freebsd-hackers/20020602.freebsd-hackers
>
> and it's not like he just recently became interested in this.  so, I
> think it'll be interesting to see if there is some particular reason
> he picked this moment for his paper, some reason which becomes clear
> over the next few months.

Change of heart?  More research?  He says this in the link above about 
systrace in regards to bringing it to FreeBSD:

"So I would suggest someone port it over, and write a cool paper on what 
they ran into, because there are probably a lot of interesting problems. 
And at the end of the day, it works really well, it would be a great thing 
to add to our growing arsenal of security features."

While the OpenBSD aspect is interesting, I think that the greatest impact 
is in the Windows world where apparently most common resident virus 
scanners use similar tricks (the syscall wrapping) to do "on access" 
scanning.  If someone finds an easy way to hack most existing Windows AV 
software, that's a big deal.  He did (does?) work for a company that 
produced such software, I believe...

Charles