[nycbug-talk] Cambridge Researcher Breaks OpenBSD Systrace
mspitzer at gmail.com
Thu Aug 9 13:42:11 EDT 2007
An anonymous reader writes "University of Cambridge researcher Robert
Watson has published a paper at the First USENIX Workshop On Offensive
Technology in which he describes serious vulnerabilities in OpenBSD's
Systrace, Sudo, Sysjail, the TIS GSWTK framework, and CerbNG. The
technique is also effective against many commercially available
anti-virus systems. His slides include sample exploit code that
bypasses access control, virtualization, and intrusion detection in
under 20 lines of C code consisting solely of memcpy() and fork().
Sysjail has now withdrawn their software, recommending against any
use, and NetBSD has disabled Systrace by default in their upcoming
Freedom is nothing but a chance to be better.