Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Capturing System Calls

From: jonathan () LETO NET (Jonathan Leto)
Date: Thu, 22 Jun 2000 13:14:31 -0400

On Thu, Jun 22, 2000 at 12:23:27PM -0400, Green Charles Contr AFRL/IFGB wrote:

On UNIX Systems, (FreeBSD, Linux, Solaris) is there a way to capture/modify
system calls calls from an application with out modifying the kernel (or
using kernel modules) - preferably in userspace? The reason I ask is that a
group of us are being asked to evaluate a piece of software for my company
but they've put some heavy restrictions on how we do it. One of the
restriction is that we're not allowed to modify the kernel.


If you can't modify the kernel, then there is really no way to modify system calls,
but you can see what system calls are being executed with strace/ktrace/truss . If
you modify LD_PRELOAD and the application doesn't do the proper security checks, you
could modify library calls to libc or something like that.

--
jonathan () leto net
"With pain comes clarity."
Previous By Date Next
Previous By Thread Next

Current thread: