OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: A new kind of security needed

From: Poul-Henning Kamp (phkphk.freebsd.dk)
Date: Thu Jul 24 2008 - 12:41:13 CDT


In message <200807241639.m6OGda4b004216apollo.backplane.com>, Matthew Dillon w
rites:
> Doesn't OpenBSD have a syscall filtering mechanic where one can restrict
> the file paths the program is allowed to access?

Yes they do.

Really smart programs modify the strings after the check and get
to access the files anyway.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phkFreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"