Date: Mon, 02 Apr 2007 10:31:22 +0200
From: w0rm <w0rm@kmit.sk>
To: freebsd-hackers@freebsd.org
Subject: Re: Deny system call using ptrace
Message-ID: <4610BF5A.7060807@kmit.sk>
In-Reply-To: <460EE276.1020802@kmit.sk>

Stanislav Ochotnicky wrote:
> Problem is that the FreeBSD kernel seems to ignore the changed register and
> execute the original system call.
Oh well... So I'll just (try to) answer myself :)
The problem seems to be, as far as I can tell, that the syscall() routine
fills in the syscall code and arguments, then does other stuff, finally
calling the requested syscall itself. But whether the process is traced is
checked after the call, so there is no way to block it. I cannot tell what
would moving this block:
--------------cut here ------
/*
 * Traced syscall.
 */
if ((orig_tf_eflags & PSL_T) && !(orig_tf_eflags & PSL_VM)) {
	frame->tf_eflags &= ~PSL_T;
	ksiginfo_init_trap(&ksi);
	ksi.ksi_signo = SIGTRAP;
	ksi.ksi_code = TRAP_TRACE;
	ksi.ksi_addr = (void *)frame->tf_eip;
	trapsignal(td, &ksi);
}
-------------cut here -------
do to MP safety or other stuff. If it could in fact be safely moved to
the beginning of syscall(), it would greatly enhance the features of ptrace().
Regards,
S.O.
