Vulnerability Development mailing list archives

Re: Capturing System Calls


From: Ryan () EEYE COM (Ryan Permeh)
Date: Thu, 22 Jun 2000 10:15:42 -0700


On Solaris, you can watch calls to the system from userland using truss;
there is an equivalent on Linux and I believe [Open/Net/Free]BSD that does
the same thing, whose name escapes me at the moment.

This doesn't allow you to modify, just monitor, and it is strictly
noninteractive (i.e., you can't break on specific system calls, etc.).

A good debugger with symbol tables loaded, however, will allow this
functionality (i.e., break on system(), look at data about to be passed, etc.).
Signed,
Ryan
eEye Digital Security Team
http://www.eEye.com

----- Original Message -----
From: "Green Charles Contr AFRL/IFGB" <Charles.Green () RL AF MIL>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Thursday, June 22, 2000 9:23 AM
Subject: Capturing System Calls

On UNIX systems (FreeBSD, Linux, Solaris), is there a way to capture/modify
system calls from an application without modifying the kernel (or
using kernel modules) - preferably in userspace? The reason I ask is that a
group of us are being asked to evaluate a piece of software for my company,
but they've put some heavy restrictions on how we do it. One of the
restrictions is that we're not allowed to modify the kernel.
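
An added example, not part of either post: on Linux, the userland monitoring the reply describes can be built on ptrace(2), with no kernel changes or modules. It assumes Linux on x86-64 and a target that neither forks nor spawns threads; `trace_syscalls` and its parameters are names chosen for this illustration.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>
/* Added example, Linux x86-64 only. Runs argv[] under ptrace(2), logs entries to
 * syscall watch_nr, counts all entries in *total. Returns hits, or -1 on error. */
long trace_syscalls(char *const argv[], long watch_nr, long *total)
{
    int status, in_call = 0, sig = 0;
    long hits = 0, opts = PTRACE_O_TRACESYSGOOD | PTRACE_O_EXITKILL;
    struct user_regs_struct r;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                            /* tracee */
        ptrace(PTRACE_TRACEME, 0, NULL, NULL);
        execvp(argv[0], argv);                 /* stops with SIGTRAP after exec */
        _exit(127);
    }
    *total = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    if (ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)opts) < 0) return -1;
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, (void *)(long)sig) < 0) return -1;
        if (waitpid(pid, &status, 0) < 0) return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status)) break;
        sig = WSTOPSIG(status);
        if (sig != (SIGTRAP | 0x80)) {         /* not a syscall stop */
            if (sig == SIGTRAP) sig = 0;       /* exec trap: do not re-inject */
            continue;                          /* other signals are passed on */
        }
        sig = 0;
        if (!(in_call = !in_call)) continue;   /* stops alternate entry/exit */
        if (ptrace(PTRACE_GETREGS, pid, NULL, &r) < 0) return -1;
        ++*total;                              /* orig_rax = syscall number */
        if ((long)r.orig_rax != watch_nr) continue;
        fprintf(stderr, "#%ld syscall %ld(0x%llx, 0x%llx, 0x%llx)\n", ++hits, watch_nr, r.rdi, r.rsi, r.rdx);
    }
    return hits;
}

int main(int argc, char **argv)
{
    long total = 0, hits = argc > 1 ? trace_syscalls(argv + 1, SYS_openat, &total) : -1;
    printf("%ld openat calls out of %ld syscalls\n", hits, total);
    return hits < 0;
}
```

The arguments are read at the entry stop, before the kernel acts on them, which is the same point at which a tracer could rewrite registers with PTRACE_SETREGS.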


