Systrace 1.6e

Tuesday, December 18. 2007
This release addresses a number of correctness and reliability problems with the ptrace backend. Tavis Ormandy provided fixes for the following problems: a potential escape via socket aliases, a double free, and a problem with fork and ptrace (CVE-2007-4773). The tarball for Systrace 1.6e can be downloaded here. Just keep in mind that ptrace has not been designed as a security primitive: while the ptrace backend can restrict the behavior of programs in non-adversarial settings, there are many ways to circumvent it.

Evading System Sandbox Containment

Thursday, August 9. 2007
At WOOT this year, Robert Watson presented a paper on how to evade popular system call interposition systems, including Systrace. For Systrace, Robert noticed that the arguments written to the stackgap could be replaced by a co-operating process after Systrace performed its policy check. The initial prototype of Systrace as described in the paper avoided this problem by using a look-aside buffer in the kernel. This imposes a slight performance penalty, but I hope that this obvious solution is going to be included in the OpenBSD and NetBSD kernels soon.

Local Privilege Escalation

Monday, October 9. 2006
Chris Evans from Google Security discovered an integer overflow in the Systrace kernel code. If an adversary can open "/dev/systrace", the bug can be leveraged to gain root access. Both OpenBSD-current and NetBSD-current have been patched. Please update your systems.

Breaker!! 17 years ago...

Friday, July 14. 2006

I was going to do some late night hacking but then I found this. My first game. I wrote this in 1989 for the Amiga. I feared that this great work(!) might have been forever lost, but I just found a copy of it on some warez server. The game comes with a level editor. I was especially proud of the level editor because I used run-length encoding to compress the levels. The editor supported up to 1,000.

Hacking Too Much

Saturday, June 3. 2006
Been travelling and working too much on other stuff lately to make much progress with Systrace. The ptrace version works reliably enough on Linux without the kernel patch, although it sometimes still leaves zombie processes behind, which is kind of annoying. Performance without the kernel patch takes a 100% hit, too. Marius has promised to revamp the kernel patches and make them more Linux friendly. Maybe we will be able to get them into mainline Linux then. Stay tuned.

Systrace 1.6d

Sunday, April 23. 2006
This new release of Systrace adds translations for a number of new system calls and should also take care of zombies accumulating for users of the Linux ptrace backend. Systrace now allows waitpid to execute in more cases, which should hopefully reap the reparented children. Download it here. A Debian package is available, too.

Linux kernel systrace patch set

Thursday, April 13. 2006
Last October, I updated the Linux-kernel patches for systrace. Get it here. A pre-built Debian package is available here.


Watch this space for updates in a week or two as I will be bringing the diffs up to date.

HowTo: Translating a New System Call

Sunday, April 9. 2006
Systrace does not provide translations for all system calls. But it has been designed to make adding new translations very easy. Many people have noticed that they no longer see the IP address that nslookup connects to for DNS queries after updating to a newer version of Bind. The reason is that Systrace did not provide a translation for sendmsg.

Here is what you have to do to add the necessary translation.

1. Provide a translator for sendmsg by adding the following code to the end of intercept-translate.c:

Continue reading "HowTo: Translating a New System Call"
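The translator code itself is not reproduced on this page, so here is an added example, written for this page and not taken from Systrace's intercept-translate.c, of the core of what a sendmsg translation has to do: locate the destination in msg_name, check it against msg_namelen before reading it, and render the address and port. It assumes a plain C function operating on a msghdr in the caller's own address space; Systrace's real translators fetch these structures from the traced process through its intercept API, which this example does not use. The addresses in the sample calls are constructed documentation addresses, and the inet-[address]:port rendering mirrors the notation Systrace policies use for connect.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Render the destination of a sendmsg() call into buf in the form
 * "inet-[address]:port".  Returns 0 on success and -1 when there is nothing
 * to translate (no msg_name, i.e. a send on a connected socket), when the
 * supplied length is too short for the claimed address family, or when the
 * family is one we do not handle.  The length checks matter: the traced
 * program controls msg_namelen, and a translator must never read past what
 * was actually supplied. */
int translate_sendmsg_dest(const struct msghdr *msg, char *buf, size_t buflen)
{
    char addr[INET6_ADDRSTRLEN];
    const struct sockaddr *sa;

    if (msg == NULL || msg->msg_name == NULL)
        return -1;
    if (msg->msg_namelen < sizeof(sa_family_t))
        return -1;                          /* cannot even hold the family */
    sa = (const struct sockaddr *)msg->msg_name;

    switch (sa->sa_family) {
    case AF_INET: {
        const struct sockaddr_in *sin = (const struct sockaddr_in *)sa;
        if (msg->msg_namelen < sizeof(*sin))
            return -1;                      /* claims AF_INET but too short */
        if (inet_ntop(AF_INET, &sin->sin_addr, addr, sizeof(addr)) == NULL)
            return -1;
        snprintf(buf, buflen, "inet-[%s]:%u", addr, (unsigned)ntohs(sin->sin_port));
        return 0;
    }
    case AF_INET6: {
        const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
        if (msg->msg_namelen < sizeof(*sin6))
            return -1;
        if (inet_ntop(AF_INET6, &sin6->sin6_addr, addr, sizeof(addr)) == NULL)
            return -1;
        snprintf(buf, buflen, "inet6-[%s]:%u", addr, (unsigned)ntohs(sin6->sin6_port));
        return 0;
    }
    default:
        return -1;                          /* AF_UNIX etc.: not translated here */
    }
}

/* Constructed sample: the msghdr a resolver would hand to sendmsg() for a
 * UDP query to 192.0.2.53 port 53 (a documentation address, not a real
 * server).  Returns the translated string, or NULL on failure. */
const char *demo_sendmsg_ipv4(void)
{
    static char buf[64];
    struct sockaddr_in sin;
    struct msghdr msg;

    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = htons(53);
    inet_pton(AF_INET, "192.0.2.53", &sin.sin_addr);
    memset(&msg, 0, sizeof(msg));
    msg.msg_name = &sin;
    msg.msg_namelen = sizeof(sin);
    return translate_sendmsg_dest(&msg, buf, sizeof(buf)) == 0 ? buf : NULL;
}

/* Constructed sample with an IPv6 destination (2001:db8::53, also a
 * documentation prefix). */
const char *demo_sendmsg_ipv6(void)
{
    static char buf[64];
    struct sockaddr_in6 sin6;
    struct msghdr msg;

    memset(&sin6, 0, sizeof(sin6));
    sin6.sin6_family = AF_INET6;
    sin6.sin6_port = htons(53);
    inet_pton(AF_INET6, "2001:db8::53", &sin6.sin6_addr);
    memset(&msg, 0, sizeof(msg));
    msg.msg_name = &sin6;
    msg.msg_namelen = sizeof(sin6);
    return translate_sendmsg_dest(&msg, buf, sizeof(buf)) == 0 ? buf : NULL;
}

/* Constructed sample of the failure mode: msg_namelen claims AF_INET but is
 * shorter than a sockaddr_in, so the translator must refuse (-1). */
int demo_sendmsg_truncated(void)
{
    static char buf[64];
    struct sockaddr_in sin;
    struct msghdr msg;

    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    memset(&msg, 0, sizeof(msg));
    msg.msg_name = &sin;
    msg.msg_namelen = sizeof(sa_family_t) + 1;   /* deliberately short */
    return translate_sendmsg_dest(&msg, buf, sizeof(buf));
}

int main(void)
{
    printf("%s\n", demo_sendmsg_ipv4());
    printf("%s\n", demo_sendmsg_ipv6());
    printf("truncated -> %d\n", demo_sendmsg_truncated());
    return 0;
}
```

Once a translator like this is hooked up, a sendmsg to the resolver shows up with the same kind of address string as a connect does, so an existing "sockaddr match" rule for port 53 can be reused for the datagram path.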

More Linux Ptrace fixes

Sunday, April 9. 2006
It turned out that emulating waitpid for threads was more complicated than I initially assumed. Some older Linux kernels also exhibited strange behaviors in which the cloned child could execute before the parent did. This and a bunch of other fixes went into Systrace 1.6c, which is now also available as a Debian package. I tested this on various 2.4 kernels and distributions and was able to use the ptrace backend to run complicated applications like Firefox and X-Chat. Things look good.

Systrace 1.6: Phoenix Release

Friday, March 24. 2006
After over three years of quiet life, Systrace 1.6: Phoenix Release is available. This release allows Systrace to run on Linux without requiring kernel changes. The regular Systrace backend has been emulated with ptrace and supports most Systrace features. Emulation of threading and signal mask computation are not implemented yet. The Phoenix image is from Eric Newport.

Local Root Exploit on NetBSD

Thursday, May 13. 2004
A bug in systrace_exit() on NetBSD-current can be exploited to get local root privileges. Update your kernel if you are running NetBSD-current.

Systrace Mailing List

Thursday, January 1. 2004
Monkey.org has been nice enough to set up a Systrace Mailing List. The web interface can be used to manage subscriptions and check the archives. The mailing list is not very busy, but announcements are usually posted there first.

Systrace Cradle Mode

Thursday, November 20. 2003
Marius Eriksen implemented a new feature called Cradle Mode. In Cradle Mode, it is possible to detach the UI and reattach it again elsewhere. This is useful for system administrators who need to manage machines remotely.

Systrace Shell Wrapper

Thursday, March 20. 2003
Dug Song provides the source code for Monkey.org's systrace shell wrapper. It is used to systrace all user accounts on Monkey.org from the login shell. See his post for more information.

Michael Lucas explains Systrace Policies

Thursday, January 30. 2003
Michael Lucas posted an introductory article on creating policies for Systrace. He gives a brief overview of how system calls work and then explains how to create a Systrace policy for named. If you are new to Systrace, this is a good article to read.