Displaying 20 results from an estimated 39 matches for "systrace".

2011 Aug 14
10
Call for testing: OpenSSH-5.9
...he privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface. Three concrete sandbox implementations are provided (selected at configure time): systrace, seatbelt and rlimit. The systrace sandbox uses systrace(4) in unsupervised "fast-path" mode, where a list of permitted syscalls is supplied. Any syscall not on the list results in SIGKILL being sent to the privsep child. Note that this requires a kernel with the new SYSTR_PO...
2003 Jul 25
3
systrace for FreeBSD 5.1
I'm porting the most recent version of Neil Provos' systrace to FreeBSD 5.1. I'm sending him the diffs to integrate into his distribution. I'd also like to submit them to someone with FreeBSD for consideration, and hopefully inclusion as a port or whatever you prefer. Who could I send them to, or what would you prefer me to do with regard to FreeBS...
2006 Apr 05
23
DTrace as a security tool / http://systrace.org
I'd like to see if we can use DTrace as the kernel implementation of the BSD systrace security policy system (http://www.systrace.org). I don't really want to port systrace to Solaris because I think with DTrace we already have all the necessary in kernel hooks to do this. With systrace you express things like: "httpd can bind to port 80 but not any other port, it...
2007 Aug 09
9
Is DTrace Vulnerable?
There is a Slashdot discussion today titled "Cambridge Researcher Breaks OpenBSD Systrace". Slashdot anonymous member has a comment "Even Sun's Dtrace might be vulnerable." I don't think it is. Comments? Exploiting Concurrency Vulnerabilities in System Call Wrappers http://www.watson.org/~robert/2007woot/2007usenixwoot-exploitingconcurrency.pdf Abs...
2011 Jun 22
3
sandbox pre-auth privsep child
...it has been used by Chris Evans' vsftpd FTP server and, more recently, by Google's Chrome web browser. This patch includes three concrete sandbox implementations, a dummy one for platforms that support nothing else, a weak one that uses setrlimit(2) and a strong one that uses OpenBSD's systrace(4). The setrlimit(2) sandbox drops the hard and soft fd, process and "created file size" limits to zero. This effectively prevents the slave process from forking or creating new file descriptors (e.g. sockets). This works surprisingly well on most platforms at preventing a compromise...
2011 Jun 23
1
sandbox for OS X
Hi, The systrace and rlimit sandboxes have been committed and will be in snapshots dated 20110623 and later. This diff adds support for pre-auth privsep sandboxing using the OS X sandbox_init(3) service. It's a bit disappointing that the OS X developers chose such a namespace-polluting header and function nam...
2006 Jun 03
1
man pages for each providers ?
...fbt fbt (7d) - DTrace function boundary tracing provider lockstat lockstat (7d) - DTrace kernel lock instrumentation provider profile profile (7d) - DTrace profile interrupt provider sdt sdt (7d) - DTrace statically defined tracing provider systrace systrace (7d) - DTrace system call tracing provider Can we have as well the probes available by each provider defined in each manual page ? Is there a RFE already opened ? Thanks, stefan This message posted from opensolaris.org
2005 Oct 11
7
dtrace: failed to initialize dtrace: DTrace device not available on system
...0:fbt", O_RDONLY) Err#2 ENOENT open("/devices/pseudo/lockstat@0:lockstat", O_RDONLY) Err#2 ENOENT open("/devices/pseudo/profile@0:profile", O_RDONLY) Err#2 ENOENT open("/devices/pseudo/sdt@0:sdt", O_RDONLY) Err#2 ENOENT open("/devices/pseudo/systrace@0:systrace", O_RDONLY) Err#2 ENOENT And I confirm these devices don't exist in any of the production or staging servers which have the minimized set of packages. Anyone have an idea what we have setup wrong? And when I run a truss on dtrace I see it errors with not found for all the devi...
2004 Jul 29
2
Samba 3.0.x and high processor utilization caused by /etc/passwd access
Hello together, since upgrading to samba 3.0.x (issue happens with all 3.0. release) the cpu-load on my samba PDC is constantly near 100%. The cpu power is consumed by all running smb-processes. Systrace shows me that the smb processes tried to access /etc/passwd on a permanent basis. My question is: Why does samba try to access etc/passwd so often and produce this high cpu-load? Regards, Heiko B?ringer Rights for smbpasswd are set as following ###################################################...
2011 Sep 06
2
Announce: OpenSSH 5.9 released
...he privsep child can perform. This intention is to prevent a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface. Three concrete sandbox implementations are provided (selected at configure time): systrace, seatbelt and rlimit. The systrace sandbox uses systrace(4) in unsupervised "fast-path" mode, where a list of permitted syscalls is supplied. Any syscall not on the list results in SIGKILL being sent to the privsep child. Note that this requires a kernel with the new SYSTR_PO...
2005 Aug 23
0
Duplication in dtrace's forceload entries in /etc/system
...tion, but tracing will not occur during boot as desired. * To remove these directives (and this block comment) automatically, run * "dtrace -A" without additional arguments. See the "Anonymous Tracing" * chapter of the Solaris Dynamic Tracing Guide for details. * forceload: drv/systrace forceload: drv/sdt forceload: drv/profile forceload: drv/lockstat forceload: drv/fbt forceload: drv/fasttrap forceload: drv/systrace forceload: drv/sdt forceload: drv/profile forceload: drv/lockstat forceload: drv/fbt forceload: drv/fasttrap forceload: drv/dtrace * ^^^^ Added by DTrace It'...
2005 Oct 10
1
Dovecot versus libsafe 2.0.15
Hi, I encountered a problem using Dovecot (today's CVS, 11/10/2005) with libsafe, systemwide install. Dovecot silently dies. Here is the end of the systrace output I got: bind(6, {sin_family=AF_INET, sin_port=htons(143), sin_addr=inet_addr("0.0.0.0")}}, 16) = 0 getsockname(6, {sin_family=AF_INET, sin_port=htons(143), sin_addr=inet_addr("0.0.0.0")}}, [16]) = 0 listen(6, 8) = 0 fcntl64(0x6, 0x3, 0, 0x8072...
2011 Sep 26
1
Firewalling outbound connections...
Hi, would anyone know a soft to firewall outbound connections (applications phoning home, etc...). It would detect an unknown (to him) app that tries to connect to the outside world and it would popup an allow/deny request...AppArmor might be a bit overkill... Anyone have any experience with Systrace, TuxGuardian or Zorp GPL...? Thx, JD
2014 Feb 28
5
Call for testing: OpenSSH 6.6
...gives 'Host' and 'Match' directives that use the expanded hostname a chance to be applied. Bugfixes: * ssh(1): avoid spurious "getsockname failed: Bad file descriptor" in ssh -W. bz#2200, debian#738692 * sshd(8): allow the shutdown(2) syscall in seccomp-bpf and systrace sandbox modes, as it is reachable if the connection is terminated during the pre-auth phase. * ssh(1), sshd(8): fix unsigned overflow in SSH protocol 1 bignum parsing. Minimum key length checks render this bug unexploitable to compromise SSH 1 sessions. * sshd_config(5): clarif...
2012 Dec 20
4
Deprecated calls to bzero() and index() found in OpenSSH 6.1p1
...288,7 +2288,7 @@ JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__)); - bzero(peer_confirm_hash, peer_confirm_hash_len); + memset(peer_confirm_hash, 0, peer_confirm_hash_len); xfree(peer_confirm_hash); buffer_clear(m); In file 'sandbox-systrace.c', I've replaced the bzero() call with the equivalent memset() call. The patch file is below in (diff -u) format: --- sandbox-systrace.c.orig 2012-12-19 17:27:48.258532654 -0800 +++ sandbox-systrace.c 2012-12-19 17:28:12.705825672 -0800 @@ -140,7 +140,7 @@ box-&g...
2011 Aug 17
1
openssh-unix-dev Digest, Vol 100, Issue 3
...perform. > This intention is to prevent a compromised privsep child from being > used to attack other hosts (by opening sockets and proxying) or probing > local kernel attack surface. > > Three concrete sandbox implementations are provided (selected at > configure time): systrace, seatbelt and rlimit. > > The systrace sandbox uses systrace(4) in unsupervised "fast-path" > mode, where a list of permitted syscalls is supplied. Any syscall not > on the list results in SIGKILL being sent to the privsep child. Note > that this requires a kernel w...
2012 Dec 21
0
File Attachments for previous bug report
...88,7 @@ JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__)); - bzero(peer_confirm_hash, peer_confirm_hash_len); + memset(peer_confirm_hash, 0, peer_confirm_hash_len); xfree(peer_confirm_hash); buffer_clear(m); -------------- next part -------------- --- sandbox-systrace.c.orig 2012-12-19 17:27:48.258532654 -0800 +++ sandbox-systrace.c 2012-12-19 17:28:12.705825672 -0800 @@ -140,7 +140,7 @@ box->systrace_fd, child_pid, strerror(errno)); /* Allocate and assign policy */ - bzero(&policy, sizeof(policy)); + memset(&policy, 0, sizeof(policy)...
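Review bot: In the first hunk, the memset() that replaces bzero(peer_confirm_hash, peer_confirm_hash_len) sits immediately before xfree(peer_confirm_hash), so it is a dead store that an optimizing compiler is allowed to remove, leaving the confirmation hash in freed memory. If the intent is to scrub the buffer, use a zeroing routine the compiler cannot elide (for example explicit_bzero() where the platform provides it) rather than a plain memset(). The memset(&policy, 0, sizeof(policy)) in sandbox-systrace.c initializes a structure before it is filled in, so the straight replacement is fine there.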
2015 Jun 29
3
[Bug 2419] New: SECCOMP filter does not accept getpgid syscall
https://bugzilla.mindrot.org/show_bug.cgi?id=2419 Bug ID: 2419 Summary: SECCOMP filter does not accept getpgid syscall Product: Portable OpenSSH Version: 6.8p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at
2014 Mar 15
0
Announce: OpenSSH 6.6 released
...gives 'Host' and 'Match' directives that use the expanded hostname a chance to be applied. Bugfixes: * ssh(1): avoid spurious "getsockname failed: Bad file descriptor" in ssh -W. bz#2200, debian#738692 * sshd(8): allow the shutdown(2) syscall in seccomp-bpf and systrace sandbox modes, as it is reachable if the connection is terminated during the pre-auth phase. * ssh(1), sshd(8): fix unsigned overflow in SSH protocol 1 bignum parsing. Minimum key length checks render this bug unexploitable to compromise SSH 1 sessions. * sshd_config(5): clarif...