Date: Mon, 11 Aug 2003 12:38:11 -0400 (EDT) From: Robert Watson <rwatson@freebsd.org> To: Jason Dambrosio <jason@wiz.cx> Cc: FreeBSD Security Advisories <security@freebsd.org> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:09.signal Message-ID: <Pine.NEB.3.96L.1030811123553.64564A-100000@fledge.watson.org> In-Reply-To: <20030811063316.GA85000@tekgenesis.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 10 Aug 2003, Jason Dambrosio wrote: > > IV. Workaround > > > > There is no workaround for the local denial-of-service attack. > > Wouldn't a possible workaround be, to load a kld module that would > replace the ptrace(2) system call with a patched one? I remember doing > such a trick for modifying other system calls using kld modules... Yes; it should be fairly trivial to write a kernel module that modifies the system call vector to wrap the current ptrace() and performs extra run-time argument checking. Off-hand, I don't remember if the ptrace() argument in question involves an extra copyin() -- if so, a competent attacker could race the system call wrapper, but if not, it should be pretty secure. I was thinking about writing one while driving to work today; I may get around to it this evening sometime, unless someone else gets there first. I know we support ptrace() in the Linux emulation on -current (maybe also -stable) -- I'm not sure if you'd also need to wrap that interface or not. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1030811123553.64564A-100000>