[nycbug-talk] Cambridge Researcher Breaks OpenBSD Systrace
Charles Sprickman
spork at bway.net
Thu Aug 9 19:03:02 EDT 2007
On Thu, 9 Aug 2007, Miles Nordin wrote:
> I find it a bit disgusting that he understood the issues in 2002 but
> is only now five years later turning them into a security crisis.
>
> http://docs.freebsd.org/cgi/getmsg.cgi?fetch=493173+0+archive/2002/freebsd-hackers/20020602.freebsd-hackers
>
> And it's not like he just recently became interested in this. So, I
> think it'll be interesting to see if there is some particular reason
> he picked this moment for his paper, some reason which becomes clear
> over the next few months.

Change of heart? More research? He says this in the link above about
systrace in regards to bringing it to FreeBSD:

"So I would suggest someone port it over, and write a cool paper on what
they ran into, because there are probably a lot of interesting problems.
And at the end of the day, it works really well, it would be a great thing
to add to our growing arsenal of security features."

While the OpenBSD aspect is interesting, I think that the greatest impact
is in the Windows world where apparently most common resident virus
scanners use similar tricks (the syscall wrapping) to do "on access"
scanning. If someone finds an easy way to hack most existing Windows AV
software, that's a big deal. He did (does?) work for a company that
produced such software, I believe...

Charles