Andi Kleen wrote:
> > Not everybody. There are programs which try hard to distinguish between
> > int80 and syscall. One such example is a sandbox for programming contests
> > I wrote several years ago. It analyses the instruction before EIP and as
> > it does not allow threads nor executing writeable memory, it should be
> > correct.
>
> There are other ways to break it, like using the syscall itself to change
> input arguments or using ptrace from another process and other ways.
>
> Generally there are so many races with ptrace that if you want to do
> things like that it's better to use a LSM. That's what they are for.

I could see the LSM approach working *if* there was an LSM module to make
it available to unprivileged userspace. I.e. a replacement for ptrace()
for this purpose. It would be nice to be able to trace and check syscall
strings properly.

-- Jamie