[nycbug-talk] Cambridge Researcher Breaks OpenBSD Systrace

Peter Wright pete at nomadlogic.org
Thu Aug 9 17:07:18 EDT 2007

> Link: http://it.slashdot.org/it/07/08/09/138224.shtml
> An anonymous reader writes "University of Cambridge researcher Robert
> Watson has published a paper at the First USENIX Workshop On Offensive
> Technology in which he describes serious vulnerabilities in OpenBSD's
> Systrace, Sudo, Sysjail, the TIS GSWTK framework, and CerbNG. The
> technique is also effective against many commercially available
> anti-virus systems. His slides include sample exploit code that
> bypasses access control, virtualization, and intrusion detection in
> under 20 lines of C code consisting solely of memcpy() and fork().
> Sysjail has now withdrawn their software, recommending against any
> use, and NetBSD has disabled Systrace by default in their upcoming
> release."

I read the paper this morning - it's quite an interesting read actually:



Peter Wright
pete at nomadlogic.org
