In the First USENIX Workshop on Offensive Technologies (WOOT07) there was presentation by Robert N. M. Watson: "Exploiting Concurrency Vulnerabilities in System Call Wrappers"
with exploit code included how to bypass restrictions: http://www.watson.org/~robert/2007woot/2007usenixwoot-exploitingconcurrency.pdf It seems that syscall wrappers are vulnerable on SMP systems and conclusion states: Don't use system call wrappers... ...unless willing to rewrite OS system call handler Do use a security framework integrated with the kernel's copying and synchronization I am using sysjail, so I am very interested how to mitigate attacks or is there anything OpenBSD could change to mitigate these issues?
