Re: FreeBSD Security Advisory FreeBSD-SA-03:09.signal
From: Robert Watson (rwatson_at_freebsd.org)
Date: Mon, 11 Aug 2003 12:38:11 -0400 (EDT)
To: Jason Dambrosio <email@example.com>
On Sun, 10 Aug 2003, Jason Dambrosio wrote:
> > IV. Workaround
> > There is no workaround for the local denial-of-service attack.
> Wouldn't a possible workaround be, to load a kld module that would
> replace the ptrace(2) system call with a patched one? I remember doing
> such a trick for modifying other system calls using kld modules...
Yes; it should be fairly trivial to write a kernel module that modifies
the system call vector to wrap the current ptrace() and performs extra
run-time argument checking. Off-hand, I don't remember if the ptrace()
argument in question involves an extra copyin() -- if so, a competent
attacker could race the system call wrapper, but if not, it should be
pretty secure. I was thinking about writing one while driving to work
today; I may get around to it this evening sometime, unless someone else
gets there first. I know we support ptrace() in the Linux emulation on
-current (maybe also -stable) -- I'm not sure if you'd also need to wrap
that interface or not.
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
firstname.lastname@example.org Network Associates Laboratories
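
The copyin() caveat in the reply above, as an added userspace model (not part of the original message and not FreeBSD kernel code): a checking wrapper is sound when the argument is passed by value, but if the wrapped call fetches the argument from user memory a second time, a write between the two fetches bypasses the check. `struct req`, `model_copyin`, `MAX_VALID` and the handler names are hypothetical and do not describe the real ptrace() arguments.

```c
#include <stdio.h>
#include <string.h>

/* Userspace model only; every name here is hypothetical, not FreeBSD code. */
#define MAX_VALID 128                    /* constructed upper bound */
struct req { int value; };               /* argument living in "user" memory */
static void (*racer)(struct req *);      /* models a second thread's write */

/* Stand-in for copyin(9): snapshot user memory into a kernel-side copy. */
static void model_copyin(const struct req *u, struct req *k) {
    memcpy(k, u, sizeof(*k));
}

/* Unpatched handlers: no range check; return the value they acted on. */
static int orig_by_value(int value) { return value; }
static int orig_by_pointer(const struct req *u) {
    struct req k;
    model_copyin(u, &k);                 /* second fetch */
    return k.value;
}

/* Wrapper, by-value argument: the value checked is the value used. */
static int wrap_by_value(int value) {
    if (value < 0 || value > MAX_VALID) return -1;
    return orig_by_value(value);
}

/* Wrapper, pointer argument: checks its own copy, but the original
 * handler fetches again, so a write in between bypasses the check. */
static int wrap_by_pointer(struct req *u) {
    struct req k;
    model_copyin(u, &k);                 /* first fetch */
    if (k.value < 0 || k.value > MAX_VALID) return -1;
    if (racer) racer(u);                 /* window between the fetches */
    return orig_by_pointer(u);
}

static void overwrite(struct req *u) { u->value = 9999; }
/* Pointer case starting from a valid value, with or without a racer. */
int pointer_case(int racing) {
    struct req r = { 5 };
    racer = racing ? overwrite : NULL;
    return wrap_by_pointer(&r);
}
int value_case(int value) { return wrap_by_value(value); }

int main(void) {
    printf("%d %d %d\n", value_case(9999), pointer_case(0), pointer_case(1));
    return 0;
}
```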