My mistake.
I noticed later that ptrace is actually called just before system call,
however system call code and arguments are already read in kernel, and
are not re-read after ptrace finished. It simply does not count with
that possibility.
-- cut here ---
if (error == 0) {
td->td_retv
Stanislav Ochotnicky wrote:
> Problem is, that FreeBSD kernel seems to ignore changed register, and
> execute original system call.
Oh well...So I'll just (try) to answer myself :)
The problem seems to be, as far as I can tell that syscall() routine
fills in syscall code and arguments, then does
Quoting Thijs Eilander <[EMAIL PROTECTED]> (from Mon, 2 Apr 2007
00:48:20 +0200):
If you are interested in doing some development to make it work, I am
porting systrace to FreeBSD but due to time restrictions development is
slow. More information about systrace can be found on
http://www.citi.
Thijs Eilander wrote:
> If you are interested in doing some development to make it work, I am
> porting systrace to FreeBSD but due to time restrictions development is
> slow. More information about systrace can be found on
> http://www.citi.umich.edu/u/provos/systrace/ and www.systrace.org
Yes I
> I'm trying to create sort of user-space access control system based on
> allowing/denying syscalls. I was able (after a few problems) to start
> ptracing program, stop at every enter/exit from system call, inspect
> arguments etc. What I'm however trying to do, is denying access to syscalls.
> In linux I
Hi,
I'm trying to create sort of user-space access control system based on
allowing/denying syscalls. I was able (after a few problems) to start
ptracing program, stop at every enter/exit from system call, inspect
arguments etc. What I'm however trying to do, is denying access to
syscalls. In linu