Date:      Wed, 5 Jul 2006 18:05:32 +0100
From:      "mal content" <artifact.one@googlemail.com>
To:        "Daan Vreeken [PA4DAN]" <Danovitsch@vitsch.net>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: Stop further socket() or connect() calls.
Message-ID:  <8e96a0b90607051005l5b6c5abeh6fa4b7387cae2fb6@mail.gmail.com>
In-Reply-To: <200607051139.32393.Danovitsch@vitsch.net>
References:  <8e96a0b90607031009v4ec2630fgfc432f5dad15abda@mail.gmail.com> <20060703190448.GD727@turion.vk2pj.dyndns.org> <8e96a0b90607041815s7888cf7areb5244247b9bdb53@mail.gmail.com> <200607051139.32393.Danovitsch@vitsch.net>

On 05/07/06, Daan Vreeken [PA4DAN] <Danovitsch@vitsch.net> wrote:
> On Wednesday 05 July 2006 03:15, mal content wrote:
> > On 03/07/06, Peter Jeremy <peterjeremy@optushome.com.au> wrote:
> > > For dynamic executables, you could LD_PRELOAD a .so that replaces
> > > all the socket-related syscalls.
> >
> > Excellent suggestion! Ok, I've created a basic .so file with the following
> > code, but I've basically got stuck because I don't know how the original
> > syscalls are defined and can't find the definitions in the source:
> >
> > ---
> > #include <sys/syscall.h>
> > #include <sys/types.h>
> > #include <sys/socket.h>
> >
> > int socket(int d, int t, int prot)
> > {
> >   return __syscall(SYS_socket, d, t, prot);
> > }
> > [ ... ]
>
> Wouldn't this still allow a program to open sockets when the program does the
> __syscall() dance for itself instead of relying on socket() to work?
> I have never tried MAC myself, so correct me if I'm wrong, but I think
> something like this could be done using a modified version of mac_portacl(4).

Yes, it would. It's not meant as a security measure, more a sort of 'make this
app misbehave' for testing purposes. Seems to be working well anyway now.

MC
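
The preload approach discussed in this thread, written out as an added example that is not code from any of the messages: a shim that fails Internet-family `socket()` and `connect()` calls for fault-injection testing and forwards everything else to the kernel with `syscall(2)`. The file name `netblock.c`, the helper `is_inet()`, the chosen `errno` values and the decision to let non-Internet families through are assumptions made for this illustration.

```c
/* netblock.c: LD_PRELOAD shim for fault-injection testing (added example).
 * Build: cc -shared -fPIC -o netblock.so netblock.c
 * Run:   LD_PRELOAD=./netblock.so ./program-under-test
 * Not an enforcement boundary: a static binary, or code that issues the
 * system call itself, never reaches these wrappers. */
#define _DEFAULT_SOURCE   /* glibc: declare syscall(); has no effect on FreeBSD */
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <errno.h>
#include <stddef.h>
#include <unistd.h>

/* Block only IPv4/IPv6 so AF_UNIX users (syslog and the like) keep working. */
static int is_inet(int family)
{
    return family == AF_INET || family == AF_INET6;
}

/* Interposes on libc's socket(): refuse Internet sockets, forward the rest. */
int socket(int domain, int type, int protocol)
{
    if (is_inet(domain)) {
        errno = EACCES;          /* documented socket(2) failure */
        return -1;
    }
    return (int)syscall(SYS_socket, domain, type, protocol);
}

/* Interposes on libc's connect(): also catches descriptors the process
 * inherited, which never passed through the socket() wrapper above. */
int connect(int s, const struct sockaddr *name, socklen_t namelen)
{
    /* Read sa_family only when the caller supplied enough bytes for it. */
    if (name != NULL && namelen >= offsetof(struct sockaddr, sa_data) &&
        is_inet(name->sa_family)) {
        errno = ENETUNREACH;     /* documented connect(2) failure */
        return -1;
    }
    return (int)syscall(SYS_connect, s, name, namelen);
}
```

Because the wrappers live in user space, a test that passes under this shim says nothing about a process that bypasses libc; kernel-side policy such as the MAC framework mentioned above is the place for actual enforcement.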


