Vulnerability Development mailing list archives
Re: Capturing System Calls
From: jonathan () LETO NET (Jonathan Leto)
Date: Thu, 22 Jun 2000 13:14:31 -0400
On Thu, Jun 22, 2000 at 12:23:27PM -0400, Green Charles Contr AFRL/IFGB wrote:
On UNIX Systems, (FreeBSD, Linux, Solaris) is there a way to capture/modify system calls calls from an application with out modifying the kernel (or using kernel modules) - preferably in userspace? The reason I ask is that a group of us are being asked to evaluate a piece of software for my company but they've put some heavy restrictions on how we do it. One of the restriction is that we're not allowed to modify the kernel.
If you can't modify the kernel, then there is really no way to modify system calls, but you can see what system calls are being executed with strace/ktrace/truss . If you modify LD_PRELOAD and the application doesn't do the proper security checks, you could modify library calls to libc or something like that. -- jonathan () leto net "With pain comes clarity."
Current thread:
- Re: Another new worm??? (technical), (continued)
- Re: Another new worm??? (technical) Max Vision (Jun 23)
- Re: Another new worm??? (technical) Pierre Vandevenne (Jun 23)
- Re: Another new worm??? (technical) Max Vision (Jun 23)
- Re: Another new worm??? (technical) Pierre Vandevenne (Jun 23)
- Re: Another new worm??? (technical) Bluefish (Jun 23)
- Re: Another new worm??? (technical) Bluefish (Jun 23)
- Capturing System Calls Green Charles Contr AFRL/IFGB (Jun 22)
- Re: Capturing System Calls Christofer C. Bell (Jun 22)
- Re: Capturing System Calls Steve Mosher (Jun 22)
- Re: Capturing System Calls Chon-Chon Tang (Jun 22)
- Re: Capturing System Calls Jonathan Leto (Jun 22)
- Re: Capturing System Calls Michal Zalewski (Jun 22)
- Re: Capturing System Calls Ryan Permeh (Jun 22)
- Re: Capturing System Calls Pavel Kankovsky (Jun 22)
- Re: Capturing System Calls Todd Garrison (Jun 22)
- Re: Capturing System Calls Andrew Reisse (Jun 22)
- Re: Capturing System Calls Rajiv Dighe (Jun 22)
- Re: Capturing System Calls Granquist, Lamont (Jun 22)
- Re: Capturing System Calls Michal Zalewski (Jun 22)
- Re: Fwd: ShowFile CGI Security Vulnerability Blue Boar (Jun 21)