On 9/24/07, Jacob Yocom-Piatt <[EMAIL PROTECTED]> wrote:
> Ted Unangst wrote:
> > On 9/23/07, Rui Miguel Silva Seabra <[EMAIL PROTECTED]> wrote:
> >
> >> Can you say "root can only run this and that application when su'ed from
> >> that guy, and may not open any net connection, but open this file and none
> >> else" in OpenBSD? If so, how can I do it? :)
> >>
> >
> > man 4 systrace
> >
> >
>
> does http://marc.info/?l=openbsd-misc&m=118649819926825&w=2 have any
> implications for whether or not to use systrace?

the exploit requires two processes that the user controls. you can use systrace to prevent this from happening.