[LUAU] OpenBSD, cracked, again

Jim Thompson jim at netgate.com
Thu Aug 9 22:05:47 PDT 2007


and so soon!

http://www.lightbluetouchpaper.org/2007/08/06/usenix-woot07-exploiting-concurrency-vulnerabilities-in-system-call-wrappers-and-the-evil-genius/

... "including sudo"...

Here's the pull quote:

> The moral, for those unwilling to read the paper, is that system  
> call wrappers are a bad idea, unless of course, you’re willing to  
> rewrite the OS to be message-passing. Systems like the TrustedBSD  
> MAC Framework on FreeBSD and Mac OS X Leopard, Linux Security  
> Modules (LSM), Apple’s (and now also NetBSD’s) kauth(9), and other  
> tightly integrated kernel security frameworks offer specific  
> solutions to these concurrency problems. There’s plenty more to be  
> done in that area.

Just something to consider in the headlong rush to disable these  
technologies.

As for OpenBSD, can we ask the too simple question as to why, if  
they're so concerned about security, they've refused to implement  
kauth or similar?

Or, you know, even attempt to fix this problem during the past six  
months?

I watch the ripples change their size
But never leave the stream
Of warm impermanence and
So the days float through my eyes
But still the days seem the same
And these children that you spit on
As they try to change their worlds
Are immune to your consultations
They're quite aware of what they're going through

sigh

