A new kind of security needed
Poul-Henning Kamp
phk at phk.freebsd.dk
Thu Jul 24 18:07:56 UTC 2008
In message <200807241639.m6OGda4b004216 at apollo.backplane.com>, Matthew Dillon w
rites:
> Doesn't OpenBSD have a syscall filtering mechanic where one can restrict
> the file paths the program is allowed to access?
Yes they do.
Really smart programs modify the strings after the check and get
to access the files anyway.
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
More information about the freebsd-security
mailing list