Date: Sun, 01 Apr 2007 00:36:38 +0200
From: Stanislav Ochotnicky <stanislav.ochotnicky@kmit.sk>
To: freebsd-hackers@freebsd.org
Subject: Deny system call using ptrace
Message-ID: <460EE276.1020802@kmit.sk>

Hi,

I'm trying to create a sort of user-space access control system based on allowing/denying syscalls. I was able (after a few problems) to start ptracing a program, stop at every entry to/exit from a system call, inspect arguments, etc.

What I'm trying to do, however, is deny access to syscalls. In Linux I was able to do this by changing register eax to SYS_getpid or another safe system call using ptrace(PT_SETREGS,..). The problem is that the FreeBSD kernel seems to ignore the changed register and execute the original system call. If I do PT_SETREGS and right after that PT_GETREGS, I can see that the register was changed, so that should be OK.

It is possible I'm missing something, or there is another option. I'd be grateful for any advice or ideas.

Thanks,
S.O.
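
The Linux technique the message describes, as an added example that is not part of the original post: a tracer swaps the syscall number for SYS_getpid at syscall entry and overwrites the result with -EPERM at syscall exit. It assumes Linux on x86-64, where ptrace exposes the syscall number as `orig_rax`; the names `tracee` and `deny_getppid_demo` and the choice of getppid as the denied call are made up for illustration, and it does not address the FreeBSD behaviour asked about.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Tracee: request tracing, stop, then attempt the call the tracer denies.
 * The exit status carries the errno it observed (0 means the call ran). */
static void tracee(void) {
    if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(255);
    raise(SIGSTOP);
    errno = 0;
    long r = syscall(SYS_getppid);
    _exit(r == -1 ? errno : 0);
}

/* Tracer: returns the tracee's exit status, or -1 if tracing failed. */
int deny_getppid_demo(void) {
    int status, state = 0;   /* 0 = watching, 1 = rewritten at entry, 2 = denied */
    struct user_regs_struct regs;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) tracee();
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)PTRACE_O_TRACESYSGOOD);
    for (;;) {
        ptrace(PTRACE_SYSCALL, pid, NULL, NULL);
        if (waitpid(pid, &status, 0) < 0 || WIFSIGNALED(status)) return -1;
        if (WIFEXITED(status)) return WEXITSTATUS(status);
        if (WSTOPSIG(status) != (SIGTRAP | 0x80)) continue; /* not a syscall stop */
        ptrace(PTRACE_GETREGS, pid, NULL, &regs);
        if (state == 0 && regs.orig_rax == SYS_getppid) {
            regs.orig_rax = SYS_getpid;            /* entry: run a harmless call instead */
            state = 1;
        } else if (state == 1) {
            regs.rax = (unsigned long long)-EPERM; /* exit: report a denial to the tracee */
            state = 2;
        } else continue;
        ptrace(PTRACE_SETREGS, pid, NULL, &regs);
    }
}

int main(void) {
    printf("tracee saw errno %d (EPERM is %d)\n", deny_getppid_demo(), EPERM);
    return 0;
}
```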