[FUG-BR] security flaw in the BSD family -

Marcelo Soares da Costa unixmafia at yahoo.com.br
Friday August 10 13:37:02 BRT 2007


I presented, “Exploiting Concurrency Vulnerabilities in System Call
Wrappers,” a paper on the topic of compromising system call
interposition-based protection systems, such as COTS virus scanners,
OpenBSD and NetBSD’s Systrace, the TIS Generic Software Wrappers Toolkit
(GSWTK), and CerbNG. The key insight here is that the historic
assumption of “atomicity” of system calls is fallacious, and that on both
uniprocessor and multiprocessing systems, it is trivial to construct a
race between system call wrappers and malicious user processes to bypass
protections. I demonstrated sample exploit code against the Sysjail
policy on Systrace, and IDwrappers on GSWTK, but the paper includes a
more extensive discussion including vulnerabilities in sudo’s Systrace
monitor mode. You can read the paper and see the presentation slides
here. All affected vendors received at least six months, and in some
cases many years advance notice regarding these vulnerabilities.

The moral, for those unwilling to read the paper, is that system call
wrappers are a bad idea, unless of course, you’re willing to rewrite the
OS to be message-passing. Systems like the TrustedBSD MAC Framework on
FreeBSD and Mac OS X Leopard, Linux Security Modules (LSM), Apple’s (and
now also NetBSD’s) kauth(9), and other tightly integrated kernel
security frameworks offer specific solutions to these concurrency
problems. There’s plenty more to be done in that area.

reference

http://www.lightbluetouchpaper.org/2007/08/06/usenix-woot07-exploiting-concurrency-vulnerabilities-in-system-call-wrappers-and-the-evil-genius/
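As an added illustration, not part of the original post or of the paper it points to, the C program below models the check/use race in user space. A simulated wrapper copies the pathname argument out of "user memory" and checks it against a policy, then a simulated kernel copies the argument a second time, and an attacker rewrites the argument in between; the same program also shows the integrated alternative the post mentions, where the check runs on the kernel's single copy. The policy, the two paths and every function name are constructed for this example. It is a model of the race pattern, not code from Systrace, GSWTK, Sysjail or the TrustedBSD MAC Framework.

```c
/* Added example: a user-space model of the wrapper/kernel argument race.
 * Policy, paths and names are constructed for illustration only. */
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>
#include <string.h>

#define ALLOWED   "/etc/motd"          /* the policy permits opening this */
#define FORBIDDEN "/etc/master.passwd" /* ... and denies this */

/* Simulated user memory: the pointer an open(2) caller hands the kernel.
 * The attacker swaps it atomically, modelling a process rewriting its own
 * argument buffer (an atomic keeps the demo free of C data-race UB). */
static _Atomic(const char *) user_arg = ALLOWED;

/* Simulated copyin(9): fetch a NUL-terminated string from user memory. */
static void copyin(char *dst, const char *src, size_t n) {
    strncpy(dst, src, n - 1);
    dst[n - 1] = '\0';
}

/* Policy: only ALLOWED may be opened. */
static int policy_permits(const char *path) { return strcmp(path, ALLOWED) == 0; }

/* Simulated kernel open(2): performs its own, second copyin of the argument.
 * Returns 1 if FORBIDDEN ended up being opened, i.e. the protection failed. */
static int kernel_open(void) {
    char kpath[64];
    copyin(kpath, atomic_load(&user_arg), sizeof kpath);
    return strcmp(kpath, FORBIDDEN) == 0;
}

/* Vulnerable interposition: the wrapper copies and checks the argument, then
 * the kernel copies it again. 'between' models the attacker being scheduled
 * after the check and before the use; NULL leaves it to the real scheduler. */
static int wrapper_vulnerable(void (*between)(void)) {
    char wpath[64];
    copyin(wpath, atomic_load(&user_arg), sizeof wpath);
    if (!policy_permits(wpath))
        return -1;                 /* denied by policy */
    if (between)
        between();
    return kernel_open();          /* 1 = bypassed, 0 = opened the allowed file */
}

/* Integrated design: the policy sees the kernel's single copy of the argument,
 * so whatever the attacker does to user memory afterwards is irrelevant. */
static int wrapper_integrated(void (*between)(void)) {
    char kpath[64];
    copyin(kpath, atomic_load(&user_arg), sizeof kpath);  /* the only copyin */
    if (between)
        between();
    if (!policy_permits(kpath))
        return -1;
    return strcmp(kpath, FORBIDDEN) == 0;
}

/* Attacker: rewrite the argument once it has passed the check. */
static void attacker_swap(void) { atomic_store(&user_arg, FORBIDDEN); }

/* Deterministic demonstrations: the attacker wins the race exactly once. */
int demo_vulnerable(void)  { atomic_store(&user_arg, ALLOWED); return wrapper_vulnerable(attacker_swap); }
int demo_integrated(void)  { atomic_store(&user_arg, ALLOWED); return wrapper_integrated(attacker_swap); }

/* Real race: a second thread flips the argument while the wrapper runs. */
static _Atomic int flipping;
static void *flipper(void *unused) {
    (void)unused;
    while (atomic_load(&flipping)) {
        atomic_store(&user_arg, FORBIDDEN);
        atomic_store(&user_arg, ALLOWED);
    }
    return NULL;
}

/* Returns how many of 'iterations' calls opened FORBIDDEN despite the policy,
 * or -1 if the flipper thread could not be started. */
int race_count(int iterations) {
    pthread_t t;
    int bypassed = 0;
    atomic_store(&flipping, 1);
    if (pthread_create(&t, NULL, flipper, NULL) != 0)
        return -1;
    for (int i = 0; i < iterations; i++)
        if (wrapper_vulnerable(NULL) == 1)
            bypassed++;
    atomic_store(&flipping, 0);
    pthread_join(t, NULL);
    return bypassed;
}

int main(void) {
    printf("deterministic, wrapper:    %s\n", demo_vulnerable() == 1 ? "BYPASSED" : "held");
    printf("deterministic, integrated: %s\n", demo_integrated() == 0 ? "held" : "BYPASSED");
    printf("threaded race, wrapper:    %d of 200000 calls bypassed\n", race_count(200000));
    return 0;
}
```

Build with `cc -std=c11 -pthread race.c`. The deterministic pair always shows the mechanism; the threaded count depends on core count and scheduler and can be small, or zero on a single core if the flipper is never preempted between the wrapper's copy and the kernel's copy, which is exactly the window the paper shows how to widen in practice.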
