Date: Mon, 02 Apr 2007 10:31:22 +0200
From: w0rm <w0rm@kmit.sk>
To: freebsd-hackers@freebsd.org
Subject: Re: Deny system call using ptrace
Message-ID: <4610BF5A.7060807@kmit.sk>
In-Reply-To: <460EE276.1020802@kmit.sk>
References: <460EE276.1020802@kmit.sk>

Stanislav Ochotnicky wrote:
> Problem is, that FreeBSD kernel seems to ignore changed register, and
> execute original system call.

Oh well...So I'll just (try) to answer myself :)

The problem seems to be, as far as I can tell that syscall() routine
fills in syscall code and arguments, then does other stuff, finally
calling requested syscall itself. But whether process is traced is
checked after call, so there is no way to block it. I cannot tell what
would moving this block:

--------------cut here ------
	/*
	 * Traced syscall.
	 */
	if ((orig_tf_eflags & PSL_T) && !(orig_tf_eflags & PSL_VM)) {
		frame->tf_eflags &= ~PSL_T;
		ksiginfo_init_trap(&ksi);
		ksi.ksi_signo = SIGTRAP;
		ksi.ksi_code = TRAP_TRACE;
		ksi.ksi_addr = (void *)frame->tf_eip;
		trapsignal(td, &ksi);
	}
-------------cut here -------

do to MP safety or other stuff. If it could be in fact safely moved to
the beginning of syscall(), it would greatly enhance features of ptrace().

Regards,
S.O.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4610BF5A.7060807>