Date: Thu, 24 Jul 2008 17:41:13 +0000 From: "Poul-Henning Kamp" <phk@phk.freebsd.dk> To: Matthew Dillon <dillon@apollo.backplane.com> Cc: Kostik Belousov <kostikbel@gmail.com>, Liste FreeBSD-security <freebsd-security@freebsd.org>, Robert Watson <rwatson@freebsd.org>, Lyndon Nerenberg <lyndon@orthanc.ca> Subject: Re: A new kind of security needed Message-ID: <60254.1216921273@critter.freebsd.dk> In-Reply-To: Your message of "Thu, 24 Jul 2008 09:39:36 MST." <200807241639.m6OGda4b004216@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <200807241639.m6OGda4b004216@apollo.backplane.com>, Matthew Dillon w rites: > Doesn't OpenBSD have a syscall filtering mechanic where one can restrict > the file paths the program is allowed to access? Yes they do. Really smart programs modify the strings after the check and get to access the files anyway. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?60254.1216921273>