On 12/09, Sargun Dhillon wrote:
>
> +#define CHILD_PORT_TRY_BIND 80
> +#define CHILD_PORT_ACTUAL_BIND 4998
...
> +static int handle_req(int listener)
> +{
> + struct sockaddr_in addr = {
> + .sin_family = AF_INET,
> + .sin_port = htons(4998),
then I think
.sin_port = htons(CHILD_PORT_ACTUAL_BIND);
would be more clear...
> + .sin_addr = {
> + .s_addr = htonl(INADDR_LOOPBACK)
> + }
> + };
> + struct ptrace_getfd_args getfd_args = {
> + .options = PTRACE_GETFD_O_CLOEXEC
> + };
> + struct seccomp_notif_sizes sizes;
> + struct seccomp_notif_resp *resp;
> + struct seccomp_notif *req;
> + int fd, ret = 1;
> +
> + if (seccomp(SECCOMP_GET_NOTIF_SIZES, 0, &sizes) < 0) {
> + perror("seccomp(GET_NOTIF_SIZES)");
> + goto out;
> + }
> + req = malloc(sizes.seccomp_notif);
> + if (!req)
> + goto out;
> + memset(req, 0, sizeof(*req));
> +
> + resp = malloc(sizes.seccomp_notif_resp);
> + if (!resp)
> + goto out_free_req;
> + memset(resp, 0, sizeof(*resp));
> +
> + if (ioctl(listener, SECCOMP_IOCTL_NOTIF_RECV, req)) {
> + perror("ioctl recv");
> + goto out;
> + }
> + printf("Child tried to call bind with fd: %lld\n", req->data.args[0]);
> + getfd_args.fd = req->data.args[0];
> + fd = ptrace_getfd(req->pid, &getfd_args);
and iiuc otherwise you do not need to ptrace the child. So you could remove
ptrace(PTRACE_SEIZE) in main() and just do
ptrace(PTRACE_SEIZE, req->pid);
fd = ptrace_getfd(req->pid, &getfd_args);
ptrace(PTRACE_DETACH, req->pid);
here. However, PTRACE_DETACH won't work, it needs the stopped tracee. We can
add PTRACE_DETACH_ASYNC, but this makes me think that PTRACE_GETFD has nothing
to do with ptrace.
May be a new syscall which does ptrace_may_access() + get_task_file() will make
more sense?
Oleg.
