FreeBSD Security Advisory FreeBSD-SA-03:09.signal
Robert Watson
rwatson at freebsd.org
Mon Aug 11 09:38:34 PDT 2003
On Sun, 10 Aug 2003, Jason Dambrosio wrote:
> > IV. Workaround
> >
> > There is no workaround for the local denial-of-service attack.
>
> Wouldn't a possible workaround be, to load a kld module that would
> replace the ptrace(2) system call with a patched one? I remember doing
> such a trick for modifying other system calls using kld modules...
Yes; it should be fairly trivial to write a kernel module that modifies
the system call vector to wrap the current ptrace() and performs extra
run-time argument checking. Off-hand, I don't remember if the ptrace()
argument in question involves an extra copyin() -- if so, a competent
attacker could race the system call wrapper, but if not, it should be
pretty secure. I was thinking about writing one while driving to work
today; I may get around to it this evening sometime, unless someone else
gets there first. I know we support ptrace() in the Linux emulation on
-current (maybe also -stable) -- I'm not sure if you'd also need to wrap
that interface or not.
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Network Associates Laboratories
More information about the freebsd-security
mailing list