Vulnerability Development mailing list archives
Re: Capturing System Calls
From: Charles.Green () RL AF MIL (Green Charles Contr AFRL/IFGB)
Date: Thu, 22 Jun 2000 17:47:13 -0400
Thank you for your concern and opinion, but this isn't on the gov's dime. I work for a company (as I hope you do too) and we do work with the Air Force on some projects. The Air Force is kind enough to let me have an e-mail account. Next time I'll use my Yahoo e-mail account :-)

None of the tools will allow me to capture and replace (or wrap) system calls without modifying the kernel or wrapping the application. A member of my team said it can be done; I'm simply trying to give him the benefit of the doubt. As everyone deserves.
-----Original Message-----
From: Marcy Abene [mailto:geetwentythree () yahoo com]
Sent: Thursday, June 22, 2000 5:28 PM
To: Green Charles Contr AFRL/IFGB; VULN-DEV () SECURITYFOCUS COM
Subject: Re: Capturing System Calls

On Thu, 22 Jun 2000, Green Charles Contr AFRL/IFGB wrote:

> I was thinking along these lines too. I haven't actually gotten my hands on the application yet but considering it's a security product it's probably statically linked. One more stipulation of the test, I'm not allowed to run it "wrapped" by another program, truss, strace, etc... This line of thinking actually stemmed from a friendly argument I and one of the guys on the team were having. I said that it couldn't be done without getting into the kernel and he was telling me that he's seen software that could do it. I was giving him the benefit of the doubt and was hoping you guys could prove me wrong :-)

Hi af.mil,

Can you please name a single example of when this would ever matter? Why would you want to analyze system calls WITHOUT the use of tools that do exactly that? What is your point? Why are you wasting taxpayer dollars to play these time-wasting games, when the tools are right in front of you? You've got:

http://subterfugue.org/
ftp://ftp.tislabs.com/pub/wrappers
kernel modules
Linux: strace, ltrace, gdb
FreeBSD: ktrace, gdb
Solaris 6-7: truss, gdb
Solaris 8: apptrace, gdb

GET TO WORK!

Concerned taxpayer.