Re: A new kind of security needed

---

• From: Julian Elischer <julian@xxxxxxxxxxxx>
• Date: Thu, 24 Jul 2008 11:22:58 -0700

---

Poul-Henning Kamp wrote:

In message <200807241639.m6OGda4b004216@xxxxxxxxxxxxxxxxxxxx>, Matthew Dillon w
rites:

Doesn't OpenBSD have a syscall filtering mechanic where one can restrict
the file paths the program is allowed to access?

Yes they do.

Really smart

(multithreaded)

programs modify the strings after the check and get
to access the files anyway.

though it's not always successful.

It's kind of strange that they don't just copyin the name.

_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

---

• Follow-Ups:
  • Re: A new kind of security needed
    • From: Matthew Dillon

• References:
  • Re: A new kind of security needed
    • From: Poul-Henning Kamp

• Prev by Date: Re: A new kind of security needed
• Next by Date: Re: A new kind of security needed
• Previous by thread: Re: A new kind of security needed
• Next by thread: Re: A new kind of security needed
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > FreeBSD-Security  > 2008-07