Date: Thu, 24 Jul 2008 11:22:58 -0700
From: Julian Elischer <julian@elischer.org>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Kostik Belousov <kostikbel@gmail.com>, Liste FreeBSD-security <freebsd-security@freebsd.org>, Robert Watson <rwatson@freebsd.org>, Lyndon Nerenberg <lyndon@orthanc.ca>
Subject: Re: A new kind of security needed
Message-ID: <4888C882.30707@elischer.org>
In-Reply-To: <60254.1216921273@critter.freebsd.dk>
References: <60254.1216921273@critter.freebsd.dk>

Poul-Henning Kamp wrote:
> In message <200807241639.m6OGda4b004216@apollo.backplane.com>, Matthew Dillon writes:
>> Doesn't OpenBSD have a syscall filtering mechanic where one can restrict
>> the file paths the program is allowed to access?
>
> Yes they do.
>
> Really smart (multithreaded)
> programs modify the strings after the check and get
> to access the files anyway.

though it's not always successful.
It's kind of strange that they don't just copyin the name.
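
Added example, not part of the original message and not code from OpenBSD or FreeBSD: a deterministic user-space model of the check-then-use problem discussed above, next to the copy-once alternative. The names fetch_path, policy_allows, open_double_fetch, open_single_copy and the struct user_mem are hypothetical, and the concurrent writer is modelled by a constructed buffer that changes after a set number of reads.

```c
#include <stdio.h>
#include <string.h>

#define DEMO_PATH_MAX 64

/* Constructed stand-in for a path string in user memory that another thread
 * rewrites: the first `flip_after` fetches see `before`, later ones `after`. */
struct user_mem { const char *before, *after; int flip_after, fetches; };

/* Hypothetical analogue of copyin(): snapshot user memory into dst. */
static void fetch_path(struct user_mem *um, char *dst, size_t len) {
    const char *src = (um->fetches++ < um->flip_after) ? um->before : um->after;
    snprintf(dst, len, "%s", src);
}

/* Toy policy for the demo: only paths under /tmp/ are allowed. */
static int policy_allows(const char *path) {
    return strncmp(path, "/tmp/", 5) == 0;
}

/* Wrapper style: the check reads user memory, then the syscall reads it again. */
static int open_double_fetch(struct user_mem *um, char *used, size_t len) {
    char checked[DEMO_PATH_MAX];
    fetch_path(um, checked, sizeof checked);      /* fetch 1: policy check */
    if (!policy_allows(checked))
        return -1;
    fetch_path(um, used, len);                    /* fetch 2: path acted on */
    return 0;
}

/* Copy once: the check and the use share one private snapshot. */
static int open_single_copy(struct user_mem *um, char *used, size_t len) {
    fetch_path(um, used, len);
    if (!policy_allows(used)) {
        used[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void) {
    char used[DEMO_PATH_MAX];
    struct user_mem a = { "/tmp/ok", "/etc/demo", 1, 0 }, b = a;
    int r = open_double_fetch(&a, used, sizeof used);
    printf("double fetch: rc=%d acts on %s\n", r, used);
    r = open_single_copy(&b, used, sizeof used);
    printf("single copy:  rc=%d acts on %s\n", r, used);
    return 0;
}
```

In the model the double-fetch path approves one string and acts on another, while the single-copy path can only act on the string it checked.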