Vulnerability Development mailing list archives
Re: Capturing System Calls
From: lcamtuf () DIONE IDS PL (Michal Zalewski)
Date: Thu, 22 Jun 2000 23:22:21 +0200
On Thu, 22 Jun 2000, Jonathan Leto wrote:
> If you can't modify the kernel, then there is really no way to modify system calls, but you can see what system calls are being executed with strace/ktrace/truss.

You can intercept / change behaviour of syscalls as well (of course, not really, but by intercepting program execution and creating a layer between a program and kernel). Only for debugging, of course, as there's no way to change syscall handlers from unprivileged userspace level, nor to affect privileged programs (eg. setuids) launched from luserspace.

> If you modify LD_PRELOAD and the application doesn't do the proper security checks, you could modify library calls to libc or something like that.

library calls != system calls; consider statically linked applications.

_______________________________________________________
Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=
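
Added example, not part of the original post: the statically-linked case raised in the message above, as a check that tells whether an ELF64 image requests a dynamic loader (a `PT_INTERP` segment) and can therefore be reached by `LD_PRELOAD` wrappers at all. It assumes Linux with `<elf.h>` and host byte order; `classify_elf64` and `build_sample` are names made up for this illustration, and the sample image is constructed in memory.

```c
#include <elf.h>
#include <stdio.h>
#include <string.h>

enum link_kind { NOT_ELF64 = -1, STATIC_LINKED = 0, DYNAMIC_LINKED = 1 };
/* No PT_INTERP segment means the kernel never starts ld.so for this image,
 * so LD_PRELOAD is not consulted and no library wrapper sees its syscalls. */
enum link_kind classify_elf64(const unsigned char *img, size_t len)
{
    Elf64_Ehdr eh;
    if (len < sizeof eh) return NOT_ELF64;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 ||
        eh.e_ident[EI_CLASS] != ELFCLASS64 ||
        eh.e_phentsize != sizeof(Elf64_Phdr))
        return NOT_ELF64;
    /* Reject a program header table that runs past the end of the image. */
    if (eh.e_phoff > len ||
        (size_t)eh.e_phnum * sizeof(Elf64_Phdr) > len - eh.e_phoff)
        return NOT_ELF64;
    for (size_t i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        memcpy(&ph, img + eh.e_phoff + i * sizeof ph, sizeof ph);
        if (ph.p_type == PT_INTERP) return DYNAMIC_LINKED;
    }
    return STATIC_LINKED;
}

/* Constructed sample: ELF64 header + PT_LOAD + one entry of second_type. */
size_t build_sample(unsigned char *out, size_t cap, Elf64_Word second_type)
{
    Elf64_Ehdr eh = { .e_phoff = sizeof(Elf64_Ehdr),
                      .e_phentsize = sizeof(Elf64_Phdr), .e_phnum = 2 };
    Elf64_Phdr ph[2] = { { .p_type = PT_LOAD }, { .p_type = second_type } };
    if (cap < sizeof eh + sizeof ph) return 0;
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    memcpy(out, &eh, sizeof eh);
    memcpy(out + sizeof eh, ph, sizeof ph);
    return sizeof eh + sizeof ph;
}

int main(void)
{
    unsigned char img[256];
    size_t n = build_sample(img, sizeof img, PT_INTERP);
    printf("sample with PT_INTERP -> %d\n", classify_elf64(img, n));
    return 0;
}
```

A `DYNAMIC_LINKED` result only means the loader runs; code in such a binary can still issue system calls directly without going through libc, so library-level interposition is not a complete view of what a program asks the kernel to do.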