Vulnerability Development mailing list archives
Re: Capturing System Calls
From: Ryan () EEYE COM (Ryan Permeh)
Date: Thu, 22 Jun 2000 10:15:42 -0700
On solaris, you can watch calls to the system from userland using truss, there is an equivilent on linux and I blieve [open/net/free]bsd that does the same thing whose name escapes me at the moment. This doesn't allow you to modify, just monitor, and it is strictly noninteractive(ie: you can't break on specific systems calls, etc). A good debugger with symbol tables loaded, however, will allow this functionality.(ie: break on system(), look at data about to be passed, etc). Signed, Ryan eEye Digital Security Team http://www.eEye.com ----- Original Message ----- From: "Green Charles Contr AFRL/IFGB" <Charles.Green () RL AF MIL> To: <VULN-DEV () SECURITYFOCUS COM> Sent: Thursday, June 22, 2000 9:23 AM Subject: Capturing System Calls
On UNIX Systems, (FreeBSD, Linux, Solaris) is there a way to
capture/modify
system calls calls from an application with out modifying the kernel (or using kernel modules) - preferably in userspace? The reason I ask is that
a
group of us are being asked to evaluate a piece of software for my company but they've put some heavy restrictions on how we do it. One of the restriction is that we're not allowed to modify the kernel.
Current thread:
- Re: Another new worm??? (technical), (continued)
- Re: Another new worm??? (technical) Max Vision (Jun 23)
- Re: Another new worm??? (technical) Pierre Vandevenne (Jun 23)
- Re: Another new worm??? (technical) Bluefish (Jun 23)
- Re: Another new worm??? (technical) Bluefish (Jun 23)
- Capturing System Calls Green Charles Contr AFRL/IFGB (Jun 22)
- Re: Capturing System Calls Christofer C. Bell (Jun 22)
- Re: Capturing System Calls Steve Mosher (Jun 22)
- Re: Capturing System Calls Chon-Chon Tang (Jun 22)
- Re: Capturing System Calls Jonathan Leto (Jun 22)
- Re: Capturing System Calls Michal Zalewski (Jun 22)
- Re: Capturing System Calls Ryan Permeh (Jun 22)
- Re: Capturing System Calls Pavel Kankovsky (Jun 22)
- Re: Capturing System Calls Todd Garrison (Jun 22)
- Re: Capturing System Calls Andrew Reisse (Jun 22)
- Re: Capturing System Calls Rajiv Dighe (Jun 22)
- Re: Capturing System Calls Granquist, Lamont (Jun 22)
- Re: Capturing System Calls Michal Zalewski (Jun 22)
- Re: Fwd: ShowFile CGI Security Vulnerability Blue Boar (Jun 21)
- Re: Another new worm??? Crispin Cowan (Jun 22)