Sysjail Explained

sysjail is a defunct user-land virtualiser for systems supporting the systrace library - as of version 1.0 limited to OpenBSD, NetBSD and MirOS. Its original design was inspired by FreeBSD jail, a similar utility (although part of the kernel) for FreeBSD. sysjail was developed and released in 2006 by Kristaps Dzonsons (aka Johnson), a research assistant in Game theory at the Stockholm School of Economics, and Maikls Deksters.[1]

sysjail was re-written from scratch in 2007 to support emulated processes in jails, limited (initially) to Linux emulation.

The project was officially discontinued on 3 March 2009 due to flaws inherent to syscall wrapper-based security architectures. The restrictions of sysjail could be evaded by exploiting race conditions between the wrapper's security checks and kernel's execution of the syscalls. [2]

External links

Notes and References

  1. http://old.nabble.com/sysjail%3A-OpenBSD-%22jail%22-implementation-p4513064.html sysjail: OpenBSD "jail" implementation
  2. Watson, Robert N. M., Exploiting Concurrency Vulnerabilities in System Call Wrappers