Date: Thu, 27 Sep 2007 09:16:16 -0500 From: Craig Boston <cb@severious.net> To: cpghost <cpghost@cordula.ws> Cc: Daichi GOTO <daichi@freebsd.org>, FreeBSD Current <freebsd-current@freebsd.org> Subject: Re: wrapping dynamic syscalls with wrap(1) (was: safety-rm) Message-ID: <20070927141608.GA929@nowhere> In-Reply-To: <20070927155519.114cac72@epia-2.farid-hajji.net> References: <46F905FD.9060208@freebsd.org> <20070925194008.3c2d7113@epia-2.farid-hajji.net> <46FB93BC.2000508@freebsd.org> <20070927155519.114cac72@epia-2.farid-hajji.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Sep 27, 2007 at 03:55:19PM +0200, cpghost wrote: > Ideally, users should have a generic way to wrap syscalls (or > other dynamic library calls) with a program similar to env(1), > let's call it wrap(1). A call to wrap(1): Anyone who implements this should be aware of the security issues surrounding system-call wrapping: http://www.watson.org/~robert/2007woot/ The short version is that it's extremely difficult to safely wrap system calls, and probably impossible without kernel support. Craig
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070927141608.GA929>