Re: A new kind of security needed
- From: "Poul-Henning Kamp" <phk@xxxxxxxxxxxxxx>
- Date: Thu, 24 Jul 2008 17:41:13 +0000
In message <200807241639.m6OGda4b004216@xxxxxxxxxxxxxxxxxxxx>, Matthew Dillon w
rites:
Doesn't OpenBSD have a syscall filtering mechanic where one can restrict
the file paths the program is allowed to access?
Yes they do.
Really smart programs modify the strings after the check and get
to access the files anyway.
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@xxxxxxxxxxx | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: A new kind of security needed
- From: Julian Elischer
- Re: A new kind of security needed
- References:
- Re: A new kind of security needed
- From: Matthew Dillon
- Re: A new kind of security needed
- Prev by Date: Re: A new kind of security needed
- Next by Date: Re: A new kind of security needed
- Previous by thread: Re: A new kind of security needed
- Next by thread: Re: A new kind of security needed
- Index(es):
Relevant Pages
|
