Vulnerability Development mailing list archives

Re: Capturing System Calls


From: geetwentythree () YAHOO COM (Marcy Abene)
Date: Thu, 22 Jun 2000 14:28:04 -0700


On Thu, 22 Jun 2000, Green Charles Contr AFRL/IFGB wrote:
> I was thinking along these lines too. I haven't actually gotten my
> hands on the application yet but considering it's a security product
> it's probably statically linked.
>
> One more stipulation of the test, I'm not allowed to run it "wrapped"
> by another program, truss, strace, etc...
>
> This line of thinking actually stemmed from a friendly argument I and
> one of the guys on the team were having. I said that it couldn't be
> done without getting into the kernel and he was telling me that he's
> seen software that could do it. I was giving him the benefit of the
> doubt and was hoping you guys could prove me wrong :-)


Hi af.mil,

Can you please name a single example of when this would ever matter?  Why
would you want to analyze system calls WITHOUT the use of tools that do
exactly that?  What is your point?  Why are you wasting taxpayer dollars
to play these time-wasting games, when the tools are right in front of
you?

You've got:
 http://subterfugue.org/
 ftp://ftp.tislabs.com/pub/wrappers
 kernel modules
 Linux: strace, ltrace, gdb
 FreeBSD: ktrace, gdb
 Solaris 6-7: truss, gdb
 Solaris 8: apptrace, gdb
GET TO WORK!

Concerned taxpayer.
