From owner-freebsd-hackers@FreeBSD.ORG Wed Jul 5 17:05:34 2006
Message-ID: <8e96a0b90607051005l5b6c5abeh6fa4b7387cae2fb6@mail.gmail.com>
Date: Wed, 5 Jul 2006 18:05:32 +0100
From: "mal content" <artifact.one@googlemail.com>
To: "Daan Vreeken [PA4DAN]"
Cc: freebsd-hackers@freebsd.org
In-Reply-To: <200607051139.32393.Danovitsch@vitsch.net>
References: <8e96a0b90607031009v4ec2630fgfc432f5dad15abda@mail.gmail.com>
 <20060703190448.GD727@turion.vk2pj.dyndns.org>
 <8e96a0b90607041815s7888cf7areb5244247b9bdb53@mail.gmail.com>
 <200607051139.32393.Danovitsch@vitsch.net>
Subject: Re: Stop further socket() or connect() calls.
On 05/07/06, Daan Vreeken [PA4DAN] wrote:
> On Wednesday 05 July 2006 03:15, mal content wrote:
> > On 03/07/06, Peter Jeremy wrote:
> > > For dynamic executables, you could LD_PRELOAD a .so that replaces
> > > all the socket-related syscalls.
> >
> > Excellent suggestion! Ok, I've created a basic .so file with the following
> > code, but I've basically got stuck because I don't know how the original
> > syscalls are defined and can't find the definitions in the source:
> >
> > ---
> > #include <sys/types.h>
> > #include <sys/socket.h>
> > #include <sys/syscall.h>
> > #include <unistd.h>      /* declares __syscall() on FreeBSD */
> >
> > int socket(int d, int t, int prot)
> > {
> >     return __syscall(SYS_socket, d, t, prot);
> > }
> > [ ... ]
>
> Wouldn't this still allow a program to open sockets when the program does the
> __syscall() dance for itself instead of relying on socket() to work?
> I have never tried MAC myself, so correct me if I'm wrong, but I think
> something like this could be done using a modified version of mac_portacl(4).

Yes, it would. It's not meant as a security measure, more a sort of
'make this app misbehave' for testing purposes. Seems to be working well
anyway now.

MC
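As an added example (not code posted in this thread), here is a complete LD_PRELOAD shim of the kind the thread sketches: it lets a dynamically linked program make a fixed number of socket()/connect() calls and fails the rest with EPERM, which is the "stop further calls" fault-injection behaviour the subject line asks for. It passes allowed calls through with the portable syscall(2) instead of FreeBSD's __syscall(), so it compiles on both FreeBSD and Linux; the environment variable name SOCKET_SHIM_BUDGET and the shim_* helper names are assumptions of this example. As Daan notes above, this only intercepts calls that go through libc's socket()/connect() wrappers: a program that issues the syscall itself, or one that is statically linked, is unaffected, so it is a testing aid and not an access-control boundary.

```c
/* Added example: LD_PRELOAD fault-injection shim for socket()/connect().
 * Not from the thread; SOCKET_SHIM_BUDGET and shim_* names are assumptions.
 *
 * Build: cc -shared -fPIC -o libsockshim.so sockshim.c
 * Run:   SOCKET_SHIM_BUDGET=2 LD_PRELOAD=./libsockshim.so ./program
 * (budget N: the first N socket()+connect() calls succeed, later ones fail
 * with EPERM; unset or negative means unlimited)
 */
#define _GNU_SOURCE 1           /* glibc: make <unistd.h> declare syscall() */
#include <errno.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

static int budget = -1;         /* -1 = unlimited */
static int initialized = 0;     /* budget read from the environment yet? */
static int calls_seen = 0;      /* socket()+connect() calls so far (single-threaded counter) */

/* Set the budget explicitly and reset the counter (negative = unlimited). */
void shim_set_budget(int n)
{
    budget = n;
    calls_seen = 0;
    initialized = 1;
}

int shim_calls_seen(void)
{
    return calls_seen;
}

/* Consume one call slot: returns 1 if the call may proceed, 0 if it must fail.
 * The budget is read from SOCKET_SHIM_BUDGET (assumed name) on first use. */
int shim_take_slot(void)
{
    if (!initialized) {
        const char *s = getenv("SOCKET_SHIM_BUDGET");
        budget = s ? atoi(s) : -1;
        initialized = 1;
    }
    calls_seen++;
    if (budget < 0)
        return 1;
    return calls_seen <= budget;
}

/* Replacement for socket(2). Allowed calls go straight to the kernel via
 * syscall(2), so no dlsym(RTLD_NEXT) lookup of the real socket() is needed.
 * A program that issues SYS_socket itself bypasses this function entirely. */
int socket(int domain, int type, int protocol)
{
    if (!shim_take_slot()) {
        errno = EPERM;
        return -1;
    }
    return (int)syscall(SYS_socket, domain, type, protocol);
}

/* Replacement for connect(2), sharing the same budget as socket(). */
int connect(int fd, const struct sockaddr *addr, socklen_t len)
{
    if (!shim_take_slot()) {
        errno = EPERM;
        return -1;
    }
    return (int)syscall(SYS_connect, fd, addr, len);
}
```

Because the refused calls return -1 with errno set to EPERM, the program under test sees exactly the error path it would see under a real restriction and can be checked for correct handling (retries, logging, clean shutdown) without any network change.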