Re: FreeBSD Security Advisory FreeBSD-SA-03:09.signal
From: Robert Watson (rwatson_at_freebsd.org)
Date: 08/11/03
- Previous message: Ivailo Tanusheff: "mail dublicate"
- In reply to: Jason Dambrosio: "Re: FreeBSD Security Advisory FreeBSD-SA-03:09.signal"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 11 Aug 2003 12:38:11 -0400 (EDT) To: Jason Dambrosio <jason@wiz.cx>
On Sun, 10 Aug 2003, Jason Dambrosio wrote:
> > IV. Workaround
> >
> > There is no workaround for the local denial-of-service attack.
>
> Wouldn't a possible workaround be, to load a kld module that would
> replace the ptrace(2) system call with a patched one? I remember doing
> such a trick for modifying other system calls using kld modules...
Yes; it should be fairly trivial to write a kernel module that modifies
the system call vector to wrap the current ptrace() and performs extra
run-time argument checking. Off-hand, I don't remember if the ptrace()
argument in question involves an extra copyin() -- if so, a competent
attacker could race the system call wrapper, but if not, it should be
pretty secure. I was thinking about writing one while driving to work
today; I may get around to it this evening sometime, unless someone else
gets there first. I know we support ptrace() in the Linux emulation on
-current (maybe also -stable) -- I'm not sure if you'd also need to wrap
that interface or not.
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org Network Associates Laboratories
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Ivailo Tanusheff: "mail dublicate"
- In reply to: Jason Dambrosio: "Re: FreeBSD Security Advisory FreeBSD-SA-03:09.signal"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
