Re: FreeBSD Security Advisory FreeBSD-SA-03:09.signal

From: Robert Watson (rwatson_at_freebsd.org)
Date: 08/11/03

    Date: Mon, 11 Aug 2003 12:38:11 -0400 (EDT)
    To: Jason Dambrosio <jason@wiz.cx>
    
    

    On Sun, 10 Aug 2003, Jason Dambrosio wrote:

    > > IV. Workaround
    > >
    > > There is no workaround for the local denial-of-service attack.
    >
    > Wouldn't a possible workaround be, to load a kld module that would
    > replace the ptrace(2) system call with a patched one? I remember doing
    > such a trick for modifying other system calls using kld modules...

    Yes; it should be fairly trivial to write a kernel module that modifies
    the system call vector to wrap the current ptrace() and performs extra
    run-time argument checking. Off-hand, I don't remember if the ptrace()
    argument in question involves an extra copyin() -- if so, a competent
    attacker could race the system call wrapper, but if not, it should be
    pretty secure. I was thinking about writing one while driving to work
    today; I may get around to it this evening sometime, unless someone else
    gets there first. I know we support ptrace() in the Linux emulation on
    -current (maybe also -stable) -- I'm not sure if you'd also need to wrap
    that interface or not.

    Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
    robert@fledge.watson.org Network Associates Laboratories

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
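
An added user-space model, not code from this thread or from FreeBSD, of the caveat in the reply above: a wrapper's check holds for an argument passed by value, but not when the wrapped call fetches the argument from user memory a second time. Every name here and the bound `ARG_LIMIT` are hypothetical, and `model_copyin` only imitates copyin().

```c
#include <stdio.h>

#define ARG_LIMIT 31      /* hypothetical upper bound enforced by the wrapper */
#define REJECTED  (-1)    /* wrapper refused the call */

static int user_mem;      /* models memory the calling process can write */
static int race_value;    /* value a second thread stores mid-call */
static int race_armed;    /* 1 = that store lands right after the first fetch */

/* Model of copyin(): every call re-reads user memory. */
static void model_copyin(const int *uaddr, int *kaddr) {
    *kaddr = *uaddr;
    if (race_armed) { user_mem = race_value; race_armed = 0; }
}

/* Unpatched handlers; each returns the value it ended up acting on. */
static int orig_by_value(int arg) { return arg; }
static int orig_by_ref(const int *uaddr) {
    int v;
    model_copyin(uaddr, &v);
    return v;
}

/* Argument passed by value: the copy that is checked is the copy that is used. */
static int wrap_by_value(int arg) {
    if (arg < 0 || arg > ARG_LIMIT) return REJECTED;
    return orig_by_value(arg);
}

/* Argument behind a user pointer: the check and the use are separate fetches. */
static int wrap_by_ref(const int *uaddr) {
    int v;
    model_copyin(uaddr, &v);                 /* fetch 1: the wrapper's check */
    if (v < 0 || v > ARG_LIMIT) return REJECTED;
    return orig_by_ref(uaddr);               /* fetch 2: inside the original */
}

/* Run the by-reference wrapper from a start value, optionally with the race. */
static int scenario_by_ref(int start, int raced, int newval) {
    user_mem = start; race_armed = raced; race_value = newval;
    return wrap_by_ref(&user_mem);
}

int main(void) {
    printf("%d %d %d\n", wrap_by_value(1000),
           scenario_by_ref(1000, 0, 0), scenario_by_ref(5, 1, 1000));
    return 0;
}
```

In the raced scenario the wrapper approves 5 and the original handler then acts on 1000, which is why a wrapper of this kind is only dependable for arguments that reach the handler by value.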

