Re: ptrace in 2.6.5

From: Daniel Jacobowitz
Date: Tue May 11 2004 - 09:10:01 EST

Next message: Kristian Sørensen: "Companies interested in security for Embedded Linux?"
Previous message: Ricky Beam: "Re: [PATCH] Format Unit can take many hours"
In reply to: Davide Libenzi: "Re: ptrace in 2.6.5"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, May 10, 2004 at 11:41:53PM -0700, Davide Libenzi wrote:
> On Mon, 10 May 2004, Davide Libenzi wrote:
>
> > On Mon, 10 May 2004, Davide Libenzi wrote:
> >
> > > On the kernel side, this would be pretty much solved by issuing a ptrace
> > > op, with a modified EIP (+2) on return from a syscall (if in single-step
> > > mode).
> >
> > Actaully, the EIP should not be changed (since it already points to the
> > intruction following INT 0x80) and I believe it is sufficent to replace
> > the test for _TIF_SYSCALL_TRACE with (_TIF_SYSCALL_TRACE | TIF_SINGLESTEP)
> > in the system call return path. This should generate a ptrace trap with
> > EIP pointing to the next instruction following INT 0x80.
>
> The patch below (for i386) should work.

Yeah, that's what I was suggesting. I think the patch is right.

--
Daniel Jacobowitz
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Kristian Sørensen: "Companies interested in security for Embedded Linux?"
Previous message: Ricky Beam: "Re: [PATCH] Format Unit can take many hours"
In reply to: Davide Libenzi: "Re: ptrace in 2.6.5"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]