From: Stanislav Ochotnicky
Date: Sun, 01 Apr 2007 00:36:38 +0200
To: freebsd-hackers@freebsd.org
Subject: Deny system call using ptrace
Message-ID: <460EE276.1020802@kmit.sk>

Hi,

I'm trying to create a sort of user-space access control system based on allowing/denying syscalls. I was able (after a few problems) to start ptracing a program, stop at every entry to/exit from a system call, inspect arguments, etc.

What I'm trying to do, however, is deny access to syscalls. In Linux I was able to do this by changing register eax to SYS_getpid or another safe system call using ptrace(PT_SETREGS,..). The problem is that the FreeBSD kernel seems to ignore the changed register and executes the original system call. If I do PT_SETREGS and right after that PT_GETREGS, I can see that the register was changed, so that should be OK. It is possible I'm missing something, or there is another option. I'd be grateful for any advice or ideas.

Thanks,
S.O.
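
The Linux approach described in the message above, as an added example that is not part of the original post: the tracer rewrites the syscall number at the entry stop so the kernel runs getpid instead, and additionally sets the return value to -EPERM at the exit stop so the tracee sees a failure. It assumes Linux on x86-64 (where the register is orig_rax rather than eax); deny_mkdir_demo, tracee and DEMO_DIR are hypothetical names, and it does not address the FreeBSD behaviour asked about.

```c
/* Added example (Linux x86-64 only): deny one syscall from a ptrace tracer. */
#include <errno.h>
#include <signal.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

#define DEMO_DIR "/tmp/ptrace_deny_demo"   /* constructed path (assumption) */

/* Tracee: attempt the denied call; exit 0 only if it failed with EPERM. */
static void tracee(void) {
    ptrace(PTRACE_TRACEME, 0, NULL, NULL);
    raise(SIGSTOP);                         /* let the tracer set its options */
    long r = syscall(SYS_mkdir, DEMO_DIR, 0700);
    _exit(r == -1 && errno == EPERM ? 0 : 1);
}

/* Returns the tracee's exit status (0 = mkdir was denied), or -1 on error. */
int deny_mkdir_demo(void) {
    int status, in_syscall = 0, denied = 0;
    struct user_regs_struct regs;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) tracee();
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    ptrace(PTRACE_SETOPTIONS, pid, NULL,
           (void *)(long)(PTRACE_O_TRACESYSGOOD | PTRACE_O_EXITKILL));
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, NULL) < 0) return -1;
        if (waitpid(pid, &status, 0) < 0) return -1;
        if (WIFEXITED(status)) return WEXITSTATUS(status);
        if (!WIFSTOPPED(status) || WSTOPSIG(status) != (SIGTRAP | 0x80)) continue;
        in_syscall = !in_syscall;           /* syscall stops alternate: entry, exit */
        if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) < 0) return -1;
        if (in_syscall && regs.orig_rax == SYS_mkdir) {
            regs.orig_rax = SYS_getpid;     /* kernel executes getpid instead */
            denied = 1;
        } else if (!in_syscall && denied) {
            regs.rax = (unsigned long long)-EPERM;  /* result the tracee will see */
            denied = 0;
        } else { continue; }
        if (ptrace(PTRACE_SETREGS, pid, NULL, &regs) < 0) return -1;
    }
}

int main(void) { return deny_mkdir_demo(); }
```

A filter built this way that inspects pointer arguments can be raced by another thread of the tracee rewriting that memory after the check.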