[Outofthebox] exploiting concurrency vulnerabilities in system call wrappers - open/net bsd systrace compromised
Mircha Emanuel D'Angelo
ryuujin at olografix.org
Sat Aug 18 15:03:37 CEST 2007
Our crazy ftp21 sent me this article:
http://www.wikio.it/article=25805053
and I found other sources on the net:
http://www.lightbluetouchpaper.org/2007/08/06/usenix-woot07-exploiting-concurrency-vulnerabilities-in-system-call-wrappers-and-the-evil-genius/
http://www.watson.org/~robert/2007woot/
Apart from the fact that the first article cited in the email strikes me
as the usual crazy Punto Informatico-style journalist, how representative
is it of Watson's research?
Watson's comment is interesting:
>Dear mymyselfandI:
>In the paper, I argue that the problem here is not with a specific
>piece of software (since identical vulnerabilities exist in a broad
>range of similar such systems), but rather that the system call wrapper
>approach is fundamentally flawed in the context of current operating
>system designs.
>The implication of your comment is misleading–this paper is about
>discouraging people from using an approach that doesn’t work, and
>instead to select one of several approaches that does work. The paper
>documents several that have merit, including moving to a true message
>passing model (offering argument atomicity guarantees) or using an
>integrated security framework (present on several OS platforms), etc. In
>fact, if you read my 2003 IEEE DISCEX paper on the TrustedBSD MAC
>Framework <http://www.trustedbsd.org/trustedbsd-discex3.pdf>, you’ll see
>that the design of the MAC Framework is intended to specifically address
>these exact problems. Tal Garfinkel’s 2003 NDSS paper
><http://www.stanford.edu/%7Etalg/papers/traps/traps-ndss03.pdf> makes a
>very similar argument. The solutions are known, and have been for
>several years, they just need to be adopted.
>Thanks,
>Robert Watson
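
The argument-atomicity point in the quoted comment, as a small deterministic model (an added example, not part of the original message or of Watson's paper). The concurrent writer is simulated by a direct call placed in the race window; `user_buf`, the `/tmp/` policy and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: user_buf stands for syscall-argument memory that a
   second thread of the same process can rewrite at any time. */
static char user_buf[64];

/* Hypothetical wrapper policy: only paths under /tmp/ are allowed. */
static int policy_allows(const char *path) {
    return strncmp(path, "/tmp/", 5) == 0;
}

/* Stands in for the concurrent writer being scheduled at this point. */
static void concurrent_writer(void) {
    strcpy(user_buf, "/etc/passwd");
}

/* Wrapper model: the check reads user memory, then the kernel reads the
   same user memory a second time when it copies the argument in. */
static int wrapper_open(char *kernel_path, size_t n) {
    if (!policy_allows(user_buf)) return -1;   /* time of check */
    concurrent_writer();                        /* window between the reads */
    snprintf(kernel_path, n, "%s", user_buf);   /* time of use */
    return 0;
}

/* Argument-atomicity model: one copy, and both the check and the use
   operate on that private copy. */
static int atomic_open(char *kernel_path, size_t n) {
    snprintf(kernel_path, n, "%s", user_buf);   /* single read */
    concurrent_writer();                        /* cannot alter the copy */
    return policy_allows(kernel_path) ? 0 : -1;
}

/* Returns 1 when the call succeeded on a path the policy denies. */
int policy_bypassed(int atomic) {
    char used[64];
    strcpy(user_buf, "/tmp/report.txt");        /* constructed sample input */
    int rc = atomic ? atomic_open(used, sizeof used)
                    : wrapper_open(used, sizeof used);
    return rc == 0 && !policy_allows(used);
}

int main(void) {
    printf("wrapper model bypassed:   %d\n", policy_bypassed(0));
    printf("copy-once model bypassed: %d\n", policy_bypassed(1));
    return 0;
}
```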