Vulnerability Development mailing list archives
Re: Capturing System Calls
From: Charles.Green () RL AF MIL (Green Charles Contr AFRL/IFGB)
Date: Thu, 22 Jun 2000 16:38:06 -0400
I was thinking along these lines too. I haven't actually gotten my hands on the application yet but considering it's a security product it's probably statically linked. One more stipulation of the test, I'm not allowed to run it "wrapped" by another program, truss, strace, etc... This line of thinking actually stemmed from a friendly argument I and one of the guys on the team were having. I said that it couldn't be done without getting into the kernel and he was telling me that he's seen software that could do it. I was giving him the benefit of the doubt and was hoping you guys could prove me wrong :-)
-----Original Message-----
From: Andrew Reiter [mailto:s467338 () gettysburg edu]
Sent: Thursday, June 22, 2000 2:33 PM
To: Green Charles Contr AFRL/IFGB
Subject: Re: Capturing System Calls

All syscalls are actually really called through libc library. Therefore, if you modify libc, you can do this. Let me know if you need any further pointers on how to do this.

Andrew

On Thu, 22 Jun 2000, Green Charles Contr AFRL/IFGB wrote:

|On UNIX Systems, (FreeBSD, Linux, Solaris) is there a way to capture/modify
|system calls from an application without modifying the kernel (or
|using kernel modules) - preferably in userspace? The reason I ask is that a
|group of us are being asked to evaluate a piece of software for my company
|but they've put some heavy restrictions on how we do it. One of the
|restrictions is that we're not allowed to modify the kernel.
|

---------------------------------------------------------
Andrew Reiter <s467338 () gettysburg edu>
Computer Security Engineer
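Whether a replaced libc can observe the application's calls depends on the binary actually loading a shared libc, which is the static-linking concern raised in the message above. The following is an added example, not code from the thread: it reads an ELF file's program headers and reports whether the executable requests a runtime loader (PT_INTERP). The function name `elf_linkage` and the two sample images are constructed for illustration.

```python
import struct

PT_LOAD, PT_DYNAMIC, PT_INTERP = 1, 2, 3

def elf_linkage(data: bytes) -> str:
    """Classify an ELF executable as 'dynamic' or 'static'.

    'dynamic' means a PT_INTERP segment is present, so a runtime loader
    maps shared libraries (including libc) at startup. Without it, libc
    code is inside the binary and a replaced shared libc is never loaded.
    """
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unsupported ELF class or byte order")
    end = "<" if ei_data == 1 else ">"
    if ei_class == 2:   # ELF64: e_phoff at 0x20, e_phentsize/e_phnum at 0x36
        (e_phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:               # ELF32: e_phoff at 0x1C, e_phentsize/e_phnum at 0x2A
        (e_phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x2A)
    # p_type is the first 32-bit word of every program header entry.
    types = {
        struct.unpack_from(end + "I", data, e_phoff + i * e_phentsize)[0]
        for i in range(e_phnum)
    }
    return "dynamic" if PT_INTERP in types else "static"

def _sample_elf64(ptypes):
    """Constructed sample: little-endian ELF64 header plus bare program headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, len(ptypes), 0, 0, 0
    )
    phdrs = b"".join(struct.pack("<II", t, 0) + bytes(48) for t in ptypes)
    return header + phdrs

# Constructed inputs, not taken from any real product.
SAMPLE_DYNAMIC = _sample_elf64([PT_LOAD, PT_INTERP, PT_DYNAMIC])
SAMPLE_STATIC = _sample_elf64([PT_LOAD])

if __name__ == "__main__":
    for name, image in (("dynamic sample", SAMPLE_DYNAMIC), ("static sample", SAMPLE_STATIC)):
        print(name, "->", elf_linkage(image))
```

To check a real file, pass `open(path, "rb").read()` to `elf_linkage`.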