A new kind of security needed
Julian Elischer
julian at elischer.org
Thu Jul 24 18:23:26 UTC 2008
Poul-Henning Kamp wrote:
> In message <200807241639.m6OGda4b004216 at apollo.backplane.com>, Matthew Dillon w
> rites:
>> Doesn't OpenBSD have a syscall filtering mechanic where one can restrict
>> the file paths the program is allowed to access?
>
> Yes they do.
>
> Really smart
(multithreaded)
> programs modify the strings after the check and get
> to access the files anyway.
though it's not always successful.
It's kind of strange that they don't just copyin the name.
>
More information about the freebsd-security
mailing list