[PATCH] ptrace(PTRACE_POKEUSR, pid, ORIG_EAX, syscall)

Topi Miettinen (Topi.Miettinen@medialab.sonera.net)
Wed, 02 Dec 1998 21:55:04 +0200


This small patch allows changing a ptraced process's ORIG_EAX, which
contains the system call number.

I tried this on a program under ptrace: it called brk(), but Linux saw
getuid() and returned the user id.

Some real examples:
fork -> clone(CLONE_PTRACE)
fork -> getpid
exec -> _exit
unlink -> rename

-Topi
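
The tracer side of the mechanism described above, as an added example that is not part of Topi's patch or of the kernel tree: a user-space ptrace supervisor that stops the child at every system-call entry, reads the saved syscall number with PTRACE_PEEKUSER, and rewrites it with PTRACE_POKEUSER (here getuid -> getpid, in the spirit of the fork -> getpid rewrite listed above). It is written for x86_64 and i386 Linux, where the slot is orig_rax / orig_eax in struct user_regs_struct, and on a modern kernel the tracer-side write is already permitted without this patch; the function names, the enum and the demo policy are my own, and on a non-x86 host or wherever ptrace is denied (container seccomp, Yama) it reports TRACE_UNAVAILABLE instead of failing.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Byte offset of the saved system-call number in the traced task's user
 * area: the x86_64/i386 counterpart of the ORIG_EAX slot the patch opens up. */
#if defined(__x86_64__)
#  define HAVE_ORIG_NR 1
#  define ORIG_NR_OFFSET offsetof(struct user_regs_struct, orig_rax)
#elif defined(__i386__)
#  define HAVE_ORIG_NR 1
#  define ORIG_NR_OFFSET offsetof(struct user_regs_struct, orig_eax)
#else
#  define HAVE_ORIG_NR 0
#  define ORIG_NR_OFFSET 0   /* never used: run_redirect_demo() bails out first */
#endif

enum trace_result {
    TRACE_REDIRECTED,      /* child observed the rewritten call */
    TRACE_NOT_REDIRECTED,  /* child ran, but the rewrite did not take effect */
    TRACE_UNAVAILABLE      /* ptrace unusable here, or not an x86 host */
};

/* Tracer loop (hypothetical helper): at each syscall-entry stop, replace
 * system call from_nr with to_nr by poking the saved syscall-number slot.
 * Returns the number of rewrites, or -1 if the child died abnormally;
 * *exit_code receives the child's exit status. */
static int trace_and_rewrite(pid_t child, long from_nr, long to_nr, int *exit_code)
{
    int status, rewrites = 0, in_syscall = 0, sig = 0;

    /* The first stop is the child's own raise(SIGSTOP); do not deliver it. */
    if (waitpid(child, &status, 0) < 0) return -1;
    if (WIFEXITED(status)) { *exit_code = WEXITSTATUS(status); return rewrites; }
    if (!WIFSTOPPED(status)) return -1;
    /* Tag syscall stops as SIGTRAP|0x80 so a real SIGTRAP cannot be confused with them. */
    ptrace(PTRACE_SETOPTIONS, child, 0, (void *)PTRACE_O_TRACESYSGOOD);

    for (;;) {
        if (ptrace(PTRACE_SYSCALL, child, 0, (void *)(long)sig) < 0) return -1;
        sig = 0;
        if (waitpid(child, &status, 0) < 0) return -1;
        if (WIFEXITED(status)) { *exit_code = WEXITSTATUS(status); return rewrites; }
        if (!WIFSTOPPED(status)) return -1;
        if (WSTOPSIG(status) != (SIGTRAP | 0x80)) {   /* ordinary signal: pass it on */
            sig = WSTOPSIG(status);
            continue;
        }
        in_syscall = !in_syscall;          /* syscall stops alternate entry, exit */
        if (!in_syscall) continue;         /* nothing to change at exit */

        errno = 0;
        long nr = ptrace(PTRACE_PEEKUSER, child, (void *)ORIG_NR_OFFSET, 0);
        if (nr == -1 && errno) return -1;
        if (nr == from_nr) {
            if (ptrace(PTRACE_POKEUSER, child, (void *)ORIG_NR_OFFSET, (void *)to_nr) < 0)
                return -1;
            rewrites++;
        }
    }
}

/* Fork a child that calls getuid() under trace. The tracer turns the call
 * into getpid(), so the child can confirm the rewrite by comparing the
 * result with the pid it recorded before handing itself to the tracer. */
static enum trace_result run_redirect_demo(void)
{
    if (!HAVE_ORIG_NR) return TRACE_UNAVAILABLE;
    pid_t child = fork();
    if (child < 0) return TRACE_UNAVAILABLE;
    if (child == 0) {
        pid_t me = getpid();
        if (ptrace(PTRACE_TRACEME, 0, 0, 0) < 0) _exit(3);   /* ptrace denied here */
        raise(SIGSTOP);                                       /* wait for the tracer */
        long r = syscall(SYS_getuid);                         /* rewritten to getpid */
        _exit(r == me ? 0 : 1);
    }
    int exit_code = -1;
    int rewrites = trace_and_rewrite(child, SYS_getuid, SYS_getpid, &exit_code);
    if (rewrites < 0 || exit_code == 3) return TRACE_UNAVAILABLE;
    return (exit_code == 0 && rewrites > 0) ? TRACE_REDIRECTED : TRACE_NOT_REDIRECTED;
}

int main(void)
{
    static const char *names[] = { "redirected", "not redirected", "ptrace unavailable" };
    printf("getuid -> getpid under ptrace: %s\n", names[run_redirect_demo()]);
    return 0;
}
```

The entry/exit toggling is the same convention strace uses: with PTRACE_O_TRACESYSGOOD every syscall produces two SIGTRAP|0x80 stops, and the number written at the entry stop is what the kernel dispatches. A sandboxing tracer built this way should keep its own allow-list of target numbers, exactly the concern the patch's NR_syscalls range check addresses on the kernel side.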

diff -ru arch/i386/kernel/ptrace.c.orig arch/i386/kernel/ptrace.c
--- arch/i386/kernel/ptrace.c.orig Wed Sep 30 20:16:56 1998
+++ arch/i386/kernel/ptrace.c Wed Dec 2 21:40:41 1998
@@ -11,6 +11,7 @@
#include <linux/errno.h>
#include <linux/ptrace.h>
#include <linux/user.h>
+#include <linux/sys.h>

#include <asm/uaccess.h>
#include <asm/pgtable.h>
@@ -290,7 +291,9 @@
{
switch (regno >> 2) {
case ORIG_EAX:
- return -EIO;
+ if (value < 0 || value >= NR_syscalls)
+ return -EIO;
+ break;
case FS:
if (value && (value & 3) != 3)
return -EIO;
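Review bot: the new lower bound `if (value < 0 || value >= NR_syscalls)` in the ORIG_EAX case only does anything if `value` is a signed type, and the hunk does not show putreg's prototype; if `value` is an `unsigned long`, `value < 0` is always false (most compilers warn about it) and a negative number poked by the tracer wraps to a large value that only the `value >= NR_syscalls` test catches. Either way the upper bound is the one that matters, since ORIG_EAX is the index the kernel uses to pick the system call, so consider either dropping the dead comparison with a comment saying the unsigned compare covers negatives, or casting explicitly (`(long)value < 0`) so the intent is unambiguous. A one-line comment that values inside the range are now trusted to the tracer (this patch lets a tracer change which system call runs, which is exactly its point) would also help the next reader of this switch.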
