PTRACE_POKEUSR with ORIG_EAX

Topi Miettinen (Topi.Miettinen@medialab.sonera.net)
Sun, 29 Nov 1998 15:52:56 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jes Sorensen: "Re: SMP scalability: 8 -> 32 CPUs"
Previous message: Oleg Drokin: "Re: 2.1.130 Oops (sound related, reproducable)"

It seems that ORIG_EAX (which contains the system call number) can't be
changed with ptrace(PTRACE_POKEUSR, ...). Are there other reasons to this
than the obvious syscall table overflow?

arch/i386/kernel/ptrace.c line 293:
switch (regno >> 2) {
case ORIG_EAX:
return -EIO;
case FS:

Would this work instead:
case ORIG_EAX:
if (value < 0 || value >= NR_syscalls)
return -EIO:
break;
case FS:

I'd like to monitor an untrusted process, so that if it attempts to call
unlink() it will be changed to getpid(). Can that be done by changing
ORIG_EAX?

-Topi

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jes Sorensen: "Re: SMP scalability: 8 -> 32 CPUs"
Previous message: Oleg Drokin: "Re: 2.1.130 Oops (sound related, reproducable)"