Sysjail
Encyclopedia
sysjail is a now-defunct user-land virtualiser for systems supporting the systrace
library - as of version 1.0 limited to OpenBSD
, NetBSD
and MirOS. Its original design was inspired by FreeBSD jail
, a similar utility (although part of the kernel) for FreeBSD
.
sysjail was re-written from scratch in 2007 to support emulated processes in jails, limited (initially) to Linux
emulation.
The project was officially discontinued on 2009-03-03 due to flaws inherent to syscall wrapper-based security architectures. The restrictions of sysjail could be evaded by exploiting race condition
s between the wrapper's security checks and kernel's execution of the syscalls.
Systrace
Systrace is a computer security utility which limits an application's access to the system by enforcing access policies for system calls. This can mitigate the effects of buffer overflows and other security vulnerabilities...
library - as of version 1.0 limited to OpenBSD
OpenBSD
OpenBSD is a Unix-like computer operating system descended from Berkeley Software Distribution , a Unix derivative developed at the University of California, Berkeley. It was forked from NetBSD by project leader Theo de Raadt in late 1995...
, NetBSD
NetBSD
NetBSD is a freely available open source version of the Berkeley Software Distribution Unix operating system. It was the second open source BSD descendant to be formally released, after 386BSD, and continues to be actively developed. The NetBSD project is primarily focused on high quality design,...
and MirOS. Its original design was inspired by FreeBSD jail
FreeBSD Jail
The FreeBSD jail mechanism is an implementation of operating system-level virtualization that allows administrators to partition a FreeBSD-based computer system into several independent mini-systems called jails....
, a similar utility (although part of the kernel) for FreeBSD
FreeBSD
FreeBSD is a free Unix-like operating system descended from AT&T UNIX via BSD UNIX. Although for legal reasons FreeBSD cannot be called “UNIX”, as the direct descendant of BSD UNIX , FreeBSD’s internals and system APIs are UNIX-compliant...
.
sysjail was re-written from scratch in 2007 to support emulated processes in jails, limited (initially) to Linux
Linux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
emulation.
The project was officially discontinued on 2009-03-03 due to flaws inherent to syscall wrapper-based security architectures. The restrictions of sysjail could be evaded by exploiting race condition
Race condition
A race condition or race hazard is a flaw in an electronic system or process whereby the output or result of the process is unexpectedly and critically dependent on the sequence or timing of other events...
s between the wrapper's security checks and kernel's execution of the syscalls.