Tavis Ormandy discovered the following vulnerabilities: I discovered one major and several minor bugs that allow escaping from systrace policy enforcement, which are corrected in 1.6e (the important one is CVE-2007-4773). ... The serious one is due to a problem tracking the return value of denied process-creating syscalls (clone, fork, vfork, etc), making it trivial to escape from any policy (i.e. they didnt have to be allowed for it to work). A less serious issue is due to a problem decoding socketcall() calls, which could result in bypassing any socket restrictions (for example, you might use systrace to limit accessible socket() domains, or address ranges for connect(), etc, etc). Another problem with socketcall() decoding could result in a double free(), when one of the arguments spans a page boundary and ptrace() starts returning EIO unexpectedly.
Andrea, please advise.
Andrea is being retired, bug 94632. No one on -dev stepped up for this, I'm all for removal. Voices?
This package has no revdeps and does not compile (bug 178036), not even in the 1.6e release, and it was never stable. Treecleaners, I would be glad if you could handle mask and removal, otherwise Security will.
Taking it Please vote, +1
Uh...reassign
++
ping
# Samuli Suominen <drac@gentoo.org> (21 Apr 2008) # Masked for removal in 30 days. Doesn't build # wrt bug 178036 and has open CVE-2007-4773 wrt # security bug 203195. sys-apps/systrace
Removed from tree.
