Re: A new kind of security needed



Poul-Henning Kamp wrote:
In message <200807241639.m6OGda4b004216@xxxxxxxxxxxxxxxxxxxx>, Matthew Dillon w
rites:
Doesn't OpenBSD have a syscall filtering mechanic where one can restrict
the file paths the program is allowed to access?

Yes they do.

Really smart

(multithreaded)


programs modify the strings after the check and get
to access the files anyway.

though it's not always successful.

It's kind of strange that they don't just copyin the name.



_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"