From: w0rm
Date: Mon, 02 Apr 2007 10:31:22 +0200
To: freebsd-hackers@freebsd.org
Subject: Re: Deny system call using ptrace
In-Reply-To: <460EE276.1020802@kmit.sk>

Stanislav Ochotnicky wrote:
> Problem is, that FreeBSD kernel seems to ignore changed register, and
> execute original system call.

Oh well... So I'll just (try) to answer myself :)

The problem seems to be, as far as I can tell, that the syscall() routine fills in the syscall code and arguments, then does other stuff, finally calling the requested syscall itself. But whether the process is traced is checked after the call, so there is no way to block it. I cannot tell what moving this block:

--------------cut here ------
        /*
         * Traced syscall.
         */
        if ((orig_tf_eflags & PSL_T) && !(orig_tf_eflags & PSL_VM)) {
                frame->tf_eflags &= ~PSL_T;
                ksiginfo_init_trap(&ksi);
                ksi.ksi_signo = SIGTRAP;
                ksi.ksi_code = TRAP_TRACE;
                ksi.ksi_addr = (void *)frame->tf_eip;
                trapsignal(td, &ksi);
        }
-------------cut here -------

would do to MP safety or other stuff. If it could in fact be safely moved to the beginning of syscall(), it would greatly enhance the features of ptrace().

Regards,
S.O.