search for: systrac

Displaying 20 results from an estimated 39 matches for "systrac".

Did you mean: systray
2011 Aug 14
10
Call for testing: OpenSSH-5.9
...he privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface. Three concrete sandbox implementation are provided (selected at configure time): systrace, seatbelt and rlimit. The systrace sandbox uses systrace(4) in unsupervised "fast-path" mode, where a list of permitted syscalls is supplied. Any syscall not on the list results in SIGKILL being sent to the privsep child. Note that this requires a kernel with the new SYSTR_P...
2003 Jul 25
3
systrace for FreeBSD 5.1
I'm porting the most recent version of Neil Provos' systrace to FreeBSD 5.1. I'm sending him the diffs to integrate into his distribution. I'd also like to submit them to someone with FreeBSD for consideration, and hopefully inclusion as a port or whatever you prefer. Who could I send them to, or what would you prefer me to do with regard to FreeB...
2006 Apr 05
23
DTrace as a security tool / http://systrace.org
I''d like to see if we can use DTrace to as the kernel implementation of the BSD systrace security policy system (http://www.systrace.org). I don''t really want to port systrace to Solaris because I think with DTrace we already have all the necessary in kernel hooks to do this. With systrace you express things like: "httpd can bind to port 80 but not any other port, i...
2007 Aug 09
9
Is DTrace Vulnerable?
There is a Slashdot discussion today titled "Cambridge Researcher Breaks OpenBSD Systrace". Slashdot anonymous member has a comment "Even Sun''s Dtrace might be vulnerable." I don''t think it is. Comments? Exploiting Concurrency Vulnerabilities in System Call Wrappers http://www.watson.org/~robert/2007woot/2007usenixwoot-exploitingconcurrency.pdf Ab...
2011 Jun 22
3
sandbox pre-auth privsep child
...it has been used by Chris Evans' vsftpd FTP server and, more recently, by Google's Chrome web browser. This patch includes three concrete sandbox implementations, a dummy one for platforms that support nothing else, a weak one that uses setrlimit(2) and a strong one that uses OpenBSD's systrace(4). The setrlimit(2) sandbox drops the hard and soft fd, process and "created file size" limits to zero. This effectively prevents the slave process from forking or creating new file descriptors (e.g. sockets). This works well suprisingly well on most platforms at preventing a compromis...
2011 Jun 23
1
sandbox for OS X
Hi, The systrace and rlimit sandboxes have been committed and will be in snapshots dated 20110623 and later. This diff adds support for pre-auth privsep sandboxing using the OS X sandbox_init(3) service. It's a bit disappointing that the OS X developers chose such as namespace-polluting header and function na...
2006 Jun 03
1
man pages for each providers ?
...fbt fbt (7d) - DTrace function boundary tracing provider lockstat lockstat (7d) - DTrace kernel lock instrumentation provider profile profile (7d) - DTrace profile interrupt provider sdt sdt (7d) - DTrace statically defined tracing provider systrace systrace (7d) - DTrace system call tracing provider Can we have as well the probes available by each provder defined in each manual page ? Is there a RFE already opened ? Thanks, stefan This message posted from opensolaris.org
2005 Oct 11
7
dtrace: failed to initialize dtrace: DTrace device not available on system
...0:fbt", O_RDONLY) Err#2 ENOENT open("/devices/pseudo/lockstat at 0:lockstat", O_RDONLY) Err#2 ENOENT open("/devices/pseudo/profile at 0:profile", O_RDONLY) Err#2 ENOENT open("/devices/pseudo/sdt at 0:sdt", O_RDONLY) Err#2 ENOENT open("/devices/pseudo/systrace at 0:systrace", O_RDONLY) Err#2 ENOENT And i confirm these devices dont exist in any of the production or staging servers which have the minimized set of packages. anyone have an idea what we have setup wrong? and when i run a truss on dtrace i see it errors with not found for all the dev...
2004 Jul 29
2
Samba 3.0.x and high processor utilication caused by /etc/passwd access
Hello together, since upgrading on samba 3.0.x (issue happens with all 3.0. release) the cpu-load on my samba PDC ist constantly near 100%. The cpu power ist consumed by all running smb-processes. Systrace shows me that the smb processes tried to access to /etc/passwd on a permanent basis. My question is: Why tries samba to access etc/passwd so often and produces this high cpu-load? Regards, Heiko B?ringer Rights for smbpasswd are set as following ##################################################...
2011 Sep 06
2
Announce: OpenSSH 5.9 released
...he privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface. Three concrete sandbox implementation are provided (selected at configure time): systrace, seatbelt and rlimit. The systrace sandbox uses systrace(4) in unsupervised "fast-path" mode, where a list of permitted syscalls is supplied. Any syscall not on the list results in SIGKILL being sent to the privsep child. Note that this requires a kernel with the new SYSTR_P...
2011 Sep 06
2
Announce: OpenSSH 5.9 released
...he privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface. Three concrete sandbox implementation are provided (selected at configure time): systrace, seatbelt and rlimit. The systrace sandbox uses systrace(4) in unsupervised "fast-path" mode, where a list of permitted syscalls is supplied. Any syscall not on the list results in SIGKILL being sent to the privsep child. Note that this requires a kernel with the new SYSTR_P...
2005 Aug 23
0
Duplication in dtrace''s forceload entries in /etc/system
...tion, but tracing will not occur during boot as desired. * To remove these directives (and this block comment) automatically, run * "dtrace -A" without additional arguments. See the "Anonymous Tracing" * chapter of the Solaris Dynamic Tracing Guide for details. * forceload: drv/systrace forceload: drv/sdt forceload: drv/profile forceload: drv/lockstat forceload: drv/fbt forceload: drv/fasttrap forceload: drv/systrace forceload: drv/sdt forceload: drv/profile forceload: drv/lockstat forceload: drv/fbt forceload: drv/fasttrap forceload: drv/dtrace * ^^^^ Added by DTrace It'...
2005 Oct 10
1
Dovecot versus libsafe 2.0.15
Hi, I encountered a problem using Dovecot (todays CVS, 11/10/2005) with libsafe, systemwide install. Dovecot silently dies. Here is the end of the systrace output I got: bind(6, {sin_family=AF_INET, sin_port=htons(143), sin_addr=inet_addr("0.0.0.0")}}, 16) = 0 getsockname(6, {sin_family=AF_INET, sin_port=htons(143), sin_addr=inet_addr("0.0.0.0")}}, [16]) = 0 listen(6, 8) = 0 fcntl64(0x6, 0x3, 0, 0x807...
2011 Sep 26
1
Firewalling outbound connections...
Hi, would anyone know a soft to firewall outbound connections (applications phoning home, etc...). It would detect an unknown (to him) app that tries to connect to the outside world and it would popup a allow/deny request...AppArmor might be a bit overkill... Anyone have any experience with Systrace, TuxGuardian or Zorp GPL...? Thx, JD
2014 Feb 28
5
Call for testing: OpenSSH 6.6
...gives 'Host' and 'Match' directives that use the expanded hostname a chance to be applied. Bugfixes: * ssh(1): avoid spurious "getsockname failed: Bad file descriptor" in ssh -W. bz#2200, debian#738692 * sshd(8): allow the shutdown(2) syscall in seccomp-bpf and systrace sandbox modes, as it is reachable if the connection is terminated during the pre-auth phase. * ssh(1), sshd(8): fix unsigned overflow that in SSH protocol 1 bignum parsing. Minimum key length checks render this bug unexploitable to compromise SSH 1 sessions. * sshd_config(5): clari...
2012 Dec 20
4
Deprecated calls to bzero() and index() found in OpenSSH 6.1p1
...288,7 +2288,7 @@ JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__)); - bzero(peer_confirm_hash, peer_confirm_hash_len); + memset(peer_confirm_hash, 0, peer_confirm_hash_len); xfree(peer_confirm_hash); buffer_clear(m); In file 'sandbox-systrace.c', I've replaced the bzero() call with the equivalent memset() call. The patch file is below in (diff -u) format: --- sandbox-systrace.c.orig 2012-12-19 17:27:48.258532654 -0800 +++ sandbox-systrace.c 2012-12-19 17:28:12.705825672 -0800 @@ -140,7 +140,7 @@ box-&...
2011 Aug 17
1
openssh-unix-dev Digest, Vol 100, Issue 3
...perform. > This intention is to prevent a compromised privsep child from being > used to attack other hosts (by opening sockets and proxying) or probing > local kernel attack surface. > > Three concrete sandbox implementation are provided (selected at > configure time): systrace, seatbelt and rlimit. > > The systrace sandbox uses systrace(4) in unsupervised "fast-path" > mode, where a list of permitted syscalls is supplied. Any syscall not > on the list results in SIGKILL being sent to the privsep child. Note > that this requires a kernel...
2012 Dec 21
0
File Attachments for previous bug report
...88,7 @@ JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__)); - bzero(peer_confirm_hash, peer_confirm_hash_len); + memset(peer_confirm_hash, 0, peer_confirm_hash_len); xfree(peer_confirm_hash); buffer_clear(m); -------------- next part -------------- --- sandbox-systrace.c.orig 2012-12-19 17:27:48.258532654 -0800 +++ sandbox-systrace.c 2012-12-19 17:28:12.705825672 -0800 @@ -140,7 +140,7 @@ box->systrace_fd, child_pid, strerror(errno)); /* Allocate and assign policy */ - bzero(&policy, sizeof(policy)); + memset(&policy, 0, sizeof(policy...
2015 Jun 29
3
[Bug 2419] New: SECCOMP filter does not accept getpgid syscall
https://bugzilla.mindrot.org/show_bug.cgi?id=2419 Bug ID: 2419 Summary: SECCOMP filter does not accept getpgid syscall Product: Portable OpenSSH Version: 6.8p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at
2014 Mar 15
0
Announce: OpenSSH 6.6 released
...gives 'Host' and 'Match' directives that use the expanded hostname a chance to be applied. Bugfixes: * ssh(1): avoid spurious "getsockname failed: Bad file descriptor" in ssh -W. bz#2200, debian#738692 * sshd(8): allow the shutdown(2) syscall in seccomp-bpf and systrace sandbox modes, as it is reachable if the connection is terminated during the pre-auth phase. * ssh(1), sshd(8): fix unsigned overflow that in SSH protocol 1 bignum parsing. Minimum key length checks render this bug unexploitable to compromise SSH 1 sessions. * sshd_config(5): clari...