Date: Mon, 02 Apr 2007 10:31:22 +0200 From: w0rm <w0rm@kmit.sk> To: freebsd-hackers@freebsd.org Subject: Re: Deny system call using ptrace Message-ID: <4610BF5A.7060807@kmit.sk> In-Reply-To: <460EE276.1020802@kmit.sk> References: <460EE276.1020802@kmit.sk>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigB5874C908F8A04DF1CA08A5B
Content-Type: text/plain; charset=ISO-8859-2
Content-Transfer-Encoding: quoted-printable
Stanislav Ochotnicky wrote:
> Problem is, that FreeBSD kernel seems to ignore changed register, and
> execute original system call.
Oh well...So I'll just (try) to answer myself :)
The problem seems to be, as far as I can tell that syscall() routine
fills in syscall code and arguments, then does other stuff, finally
calling requested syscall itself. But whether process is traced is
checked after call, so there is no way to block it. I cannot tell what
would moving this block:
--------------cut here ------
/*
* Traced syscall.
*/
if ((orig_tf_eflags & PSL_T) && !(orig_tf_eflags & PSL_VM)) {
frame->tf_eflags &=3D ~PSL_T;
ksiginfo_init_trap(&ksi);
ksi.ksi_signo =3D SIGTRAP;
ksi.ksi_code =3D TRAP_TRACE;
ksi.ksi_addr =3D (void *)frame->tf_eip;
trapsignal(td, &ksi);
}
-------------cut here -------
do to MP safety or other stuff. If it could be in fact safely moved to
the beginning of syscall(), it would greatly enhance features of ptrace()=
=2E
Regards,
S.O.
--------------enigB5874C908F8A04DF1CA08A5B
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGEL9fB9Uc/HGhZ3wRCHa3AJ4jioGF5/jO5a8ZTFtxonAnBRDorwCeNEWF
AMXUvaNOX790KbVpqQfteMU=
=VKe5
-----END PGP SIGNATURE-----
--------------enigB5874C908F8A04DF1CA08A5B--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4610BF5A.7060807>