Contributed by grey on from the Remember when systrace was the new hawtness? This editor does. dept.
As implied by the article's title, Florian's writing covers a wide range of exploit mitigation efforts within OpenBSD. Early examples, such as attempts at privilege dropping in ping(8) from 26 years ago, are explored first. Progressing towards the present, Florian moves on to reflections on systrace(4), which Niels Provos showed to the world at CanSecWest in 2002. As Florian describes some of systrace's shortcomings, readers gain insight into the motivation behind pledge(2), which evolved out of the earlier tame(2) code and is now widely deployed in OpenBSD alongside unveil(2). Florian continues with privilege separation in dhcpleased(8), with passing mention that similar techniques were used in slaacd(8) and unwind(8). This editor will note: some of that sort of defense in depth design seems as if it may have been inspired by prior art in MTAs such as djb's qmail or Wietse Venema's Postfix?
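For readers who have not seen the pattern Florian is describing, here is a small added example of the privilege separation shape used in daemons like dhcpleased(8): a parent keeps the privileged side, a forked child does the untrusted parsing under unveil(2) and pledge(2), and the only thing that crosses back is a fixed-size, type-checked message over a socketpair. This is editor-written illustration code, not code from Florian's article or from any OpenBSD daemon; the names (privsep_demo, parse_lease, struct msg) and the "lease-time=" input format are made up for the demo, and pledge/unveil are compiled out on non-OpenBSD systems so the rest of the pattern still runs there.

```c
/* Added example: minimal privilege-separated parent/child in the style of
 * dhcpleased(8). Not OpenBSD's own code; names and input format are invented. */
#include <sys/socket.h>
#include <sys/wait.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#ifdef __OpenBSD__
/* Child drops filesystem visibility and keeps only "stdio" promises.
 * pledge(2)/unveil(2) exist only on OpenBSD. */
#define RESTRICT_CHILD() do { \
    if (unveil("/", "") == -1 || unveil(NULL, NULL) == -1) _exit(2); \
    if (pledge("stdio", NULL) == -1) _exit(2); \
} while (0)
#else
#define RESTRICT_CHILD() ((void)0) /* no-op elsewhere: pattern still runs */
#endif

/* The one message type the child is allowed to send the parent. */
enum { MSG_LEASE = 1 };
struct msg {
    uint32_t type;  /* must be MSG_LEASE */
    uint32_t lease; /* parsed lease time in seconds, 0 = parse failure */
};

/* Untrusted parsing: this is the code we do not want running with
 * privileges. Input is a constructed "lease-time=N" line, not real DHCP. */
static uint32_t parse_lease(const char *line)
{
    const char *p = strstr(line, "lease-time=");
    if (p == NULL)
        return 0;
    p += strlen("lease-time=");
    char *end;
    unsigned long v = strtoul(p, &end, 10);
    if (end == p || v == 0 || v > 0xffffffffUL)
        return 0;
    return (uint32_t)v;
}

/* Child side: restrict first, then parse, send exactly one message, exit. */
static void child_main(int fd, const char *input)
{
    RESTRICT_CHILD();
    struct msg m = { MSG_LEASE, parse_lease(input) };
    ssize_t n = write(fd, &m, sizeof m);
    _exit(n == (ssize_t)sizeof m ? 0 : 1);
}

/* Parent side: fork the worker, read its message, validate everything
 * before trusting it. Returns the lease, or 0 on any error. */
uint32_t privsep_demo(const char *input)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
        return 0;
    pid_t pid = fork();
    if (pid == -1)
        return 0;
    if (pid == 0) {
        close(sv[0]);
        child_main(sv[1], input); /* never returns */
    }
    close(sv[1]);
    struct msg m;
    ssize_t n = read(sv[0], &m, sizeof m);
    close(sv[0]);
    int status;
    waitpid(pid, &status, 0);
    /* The parent treats the child as hostile: wrong size, wrong type or a
     * non-zero exit all mean the result is discarded. */
    if (n != (ssize_t)sizeof m || m.type != MSG_LEASE)
        return 0;
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return 0;
    return m.lease;
}

int main(void)
{
    printf("lease = %u\n", privsep_demo("option lease-time=3600"));
    printf("lease = %u\n", privsep_demo("garbage"));
    return 0;
}
```

The point to notice is how little the parent has to trust: the child cannot open files or sockets once it has called unveil and pledge, and the parent only accepts an exact-size message of a known type from a child that exited cleanly. Real daemons use the imsg framework and a richer message set, but the control flow is the same.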
This meditation is a deep dive with historical perspective on where some past mitigation approaches went sideways or proved less tenable. Code excerpts abound. Florian's footnotes even share some thoughts on how similar challenges are addressed not just within OpenBSD, but in how at least one other operating system has attempted to provide its own mitigation framework.