[FUG-BR] security flaw in the BSD family -

Nilson Debatin nilson at forge.com.br
Fri Aug 10 17:03:00 BRT 2007


I've been following this since yesterday, and apparently FreeBSD is not
vulnerable to the concurrency flaw in syscall wrappers, unless
TrustedBSD or CerbNG is used. Those who don't use them can
rest easy... but those who use Net/OpenBSD and whose users have
shell access should stay alert, because local exploits are likely
to start popping up on the net at any moment...

Regards,
Nilson


On Fri, 2007-08-10 at 13:37 -0300, Marcelo Soares da Costa wrote:
> I presented, “Exploiting Concurrency Vulnerabilities in System Call
> Wrappers,” a paper on the topic of compromising system call
> interposition-based protection systems, such as COTS virus scanners,
> OpenBSD and NetBSD’s Systrace, the TIS Generic Software Wrappers Toolkit
> (GSWTK), and CerbNG. The key insight here is that the historic
> assumption of “atomicity” of system calls is fallacious, and that on both
> uniprocessor and multiprocessing systems, it is trivial to construct a
> race between system call wrappers and malicious user processes to bypass
> protections. I demonstrated sample exploit code against the Sysjail
> policy on Systrace, and IDwrappers on GSWTK, but the paper includes a
> more extensive discussion including vulnerabilities in sudo’s Systrace
> monitor mode. You can read the paper and see the presentation slides
> here. All affected vendors received at least six months, and in some
> cases many years advance notice regarding these vulnerabilities.
> 
> The moral, for those unwilling to read the paper, is that system call
> wrappers are a bad idea, unless of course, you’re willing to rewrite the
> OS to be message-passing. Systems like the TrustedBSD MAC Framework on
> FreeBSD and Mac OS X Leopard, Linux Security Modules (LSM), Apple’s (and
> now also NetBSD’s) kauth(9), and other tightly integrated kernel
> security frameworks offer specific solutions to these concurrency
> problems. There’s plenty more to be done in that area.
> 
> reference
> 
> http://www.lightbluetouchpaper.org/2007/08/06/usenix-woot07-exploiting-concurrency-vulnerabilities-in-system-call-wrappers-and-the-evil-genius/

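A simplified, deterministic model of the check-then-use race the quoted abstract describes, added here as an example (it is not from the paper or from either poster). The policy, the paths and all function names are hypothetical, and the concurrent thread is modelled as a direct call placed inside the race window.

```c
#include <stdio.h>
#include <string.h>

#define PATH_MAX_LEN 64

/* Constructed stand-in for a syscall argument living in user memory. */
static char user_arg[PATH_MAX_LEN];

/* Hypothetical policy: only paths under /tmp/ are allowed. */
static int policy_allows(const char *path) {
    return strncmp(path, "/tmp/", 5) == 0;
}
/* Bounded copy, standing in for a copy-in from user space. */
static void copy_in(char *dst, const char *src) {
    snprintf(dst, PATH_MAX_LEN, "%s", src);
}
/* Models a second thread rewriting the argument between check and use. */
static void concurrent_writer(void) {
    copy_in(user_arg, "/etc/passwd");
}
/* Models the kernel acting on a path; returns 1 if the path it
 * actually used falls outside the policy (i.e. the check was bypassed). */
static int kernel_acts_on(const char *src, char *used) {
    copy_in(used, src);
    return !policy_allows(used);
}

/* Wrapper style: check user memory, then the kernel fetches it again. */
int wrapper_double_fetch(char *used) {
    copy_in(user_arg, "/tmp/report.txt");
    if (!policy_allows(user_arg)) return -1;   /* time of check */
    concurrent_writer();                       /* race window   */
    return kernel_acts_on(user_arg, used);     /* time of use   */
}

/* Integrated style: one copy-in; policy and kernel share that copy. */
int integrated_single_fetch(char *used) {
    char kcopy[PATH_MAX_LEN];
    copy_in(user_arg, "/tmp/report.txt");
    copy_in(kcopy, user_arg);                  /* single fetch  */
    if (!policy_allows(kcopy)) return -1;
    concurrent_writer();                       /* no effect on kcopy */
    return kernel_acts_on(kcopy, used);
}

int main(void) {
    char a[PATH_MAX_LEN], b[PATH_MAX_LEN];
    printf("double fetch: bypass=%d path=%s\n", wrapper_double_fetch(a), a);
    printf("single fetch: bypass=%d path=%s\n", integrated_single_fetch(b), b);
    return 0;
}
```

The second function models why a check made on the kernel's own copy of the argument is not affected by later changes to user memory.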