Date: Thu, 27 Sep 2007 09:16:16 -0500
From: Craig Boston
To: cpghost
Cc: Daichi GOTO, FreeBSD Current
Subject: Re: wrapping dynamic syscalls with wrap(1) (was: safety-rm)

On Thu, Sep 27, 2007 at 03:55:19PM +0200, cpghost wrote:
> Ideally, users should have a generic way to wrap syscalls (or
> other dynamic library calls) with a program similar to env(1),
> let's call it wrap(1).

A call to wrap(1):

Anyone who implements this should be aware of the security issues
surrounding system-call wrapping:

http://www.watson.org/~robert/2007woot/

The short version is that it's extremely difficult to safely wrap system
calls, and probably impossible without kernel support.

Craig