Vulnerability Development mailing list archives
Re: Capturing System Calls
From: GlennEverhart () FIRSTUSA COM (Everhart, Glenn (FUSA))
Date: Thu, 22 Jun 2000 14:16:05 -0400
I'd have a look at some back issues of Phrack or on Packetstorm for info on loadable kernel modules. Examples have been published of how to use same to take over the upper half of kernel calls in Linux and in Solaris. This seems the most sensible way to trap calls, since one need not rebuild kernel to do so. Sorry I don't have exact ref off the top of my head. BTW there was info for FreeBSD also.

-----Original Message-----
From: Jonathan Leto [mailto:jonathan () leto net]
Sent: Thursday, June 22, 2000 1:15 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: Capturing System Calls

On Thu, Jun 22, 2000 at 12:23:27PM -0400, Green Charles Contr AFRL/IFGB wrote:
> On UNIX Systems, (FreeBSD, Linux, Solaris) is there a way to capture/modify system calls from an application without modifying the kernel (or using kernel modules) - preferably in userspace? The reason I ask is that a group of us are being asked to evaluate a piece of software for my company but they've put some heavy restrictions on how we do it. One of the restrictions is that we're not allowed to modify the kernel.

If you can't modify the kernel, then there is really no way to modify system calls, but you can see what system calls are being executed with strace/ktrace/truss. If you modify LD_PRELOAD and the application doesn't do the proper security checks, you could modify library calls to libc or something like that.

--
jonathan () leto net
"With pain comes clarity."
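
Added example, not part of the original messages: a small Python parser for strace-style output, showing how the strace/ktrace/truss approach mentioned above gives a per-process record of system calls without touching the kernel. The sample trace is constructed, and the function names and the watch list are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the format of `strace -f -o trace.txt ./app`; not real output.
SAMPLE = """\
1234 execve("./app", ["./app"], 0x7ffd1c2a3b40 /* 20 vars */) = 0
1234 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
1234 openat(AT_FDCWD, "/etc/passwd", O_RDONLY) = 3
1234 read(3,  <unfinished ...>
1235 connect(4, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("192.0.2.10")}, 16) = 0
1234 <... read resumed>"root:x:0:0:"..., 4096) = 11
1234 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1235} ---
1234 unlink("/tmp/app.lock") = -1 EACCES (Permission denied)
1234 +++ exited with 0 +++
"""

CALL = re.compile(r'^(?P<pid>\d+)\s+(?P<name>\w+)\((?P<args>.*)\)\s+= '
                  r'(?P<ret>0x[0-9a-f]+|-?\d+|\?)(?: (?P<errno>E[A-Z0-9]+))?')
UNFINISHED = re.compile(r'^(?P<pid>\d+)\s+(?P<name>\w+)\((?P<args>.*?)\s*<unfinished \.\.\.>$')
RESUMED = re.compile(r'^(?P<pid>\d+)\s+<\.\.\. \w+ resumed>\s?(?P<rest>.*)$')

def parse(trace):
    """Return one dict per completed call, stitching calls that -f split across lines."""
    pending, calls = {}, []
    for line in trace.splitlines():
        m = UNFINISHED.match(line)
        if m:  # remember the first half of the call, keyed by pid
            pending[m["pid"]] = "{} {}({} ".format(m["pid"], m["name"], m["args"])
            continue
        m = RESUMED.match(line)
        if m and m["pid"] in pending:
            line = pending.pop(m["pid"]) + m["rest"]
        m = CALL.match(line)
        if m:  # signal (---) and exit (+++) lines do not match and are skipped
            calls.append(m.groupdict())
    return calls

def summarize(calls, watch=("execve", "connect", "unlink")):
    """Count calls, list failures, and pull out calls on a hypothetical watch list."""
    counts = Counter(c["name"] for c in calls)
    failed = [(c["name"], c["errno"]) for c in calls if c["errno"]]
    watched = [(c["pid"], c["name"], c["args"]) for c in calls if c["name"] in watch]
    return counts, failed, watched

if __name__ == "__main__":
    counts, failed, watched = summarize(parse(SAMPLE))
    print(counts.most_common(), failed, watched, sep="\n")
```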