There is a straightforward solution for this problem. The initial
prototype of Systrace had a look-aside buffer in the kernel for
copyin. I told Robert about this, not sure if he mentioned that in
his paper or not. There obviously would be some associated
performance impacts.

Niels.

On 8/7/07, Kristaps Dzonsons <[EMAIL PROTECTED]> wrote:
> > I am using sysjail, so I am very interested how to mitigate attacks or
> > is there anything OpenBSD could change to mitigate these issues?
>
> Until the kernel wrapper issues have been addressed, the sysjail
> page has been updated to indicate that it SHOULD NOT be used
> (nor should any systrace(4) system, which, to the best of my
> knowledge, is only systrace(1) and Xsystrace(1)).
