On Fri, Feb 6, 2015 at 3:17 PM, Dmitry V. Levin <ldv@xxxxxxxxxxxx> wrote: > On Fri, Feb 06, 2015 at 12:07:03PM -0800, Kees Cook wrote: >> On Fri, Feb 6, 2015 at 11:32 AM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote: >> > On Fri, Feb 6, 2015 at 11:23 AM, Kees Cook <keescook@xxxxxxxxxxxx> wrote: > [...] >> >> And an unrelated thought: >> >> >> >> 3) Can't we find some way to fix the inability of a ptracer to >> >> distinguish between syscall-enter-stop and syscall-exit-stop? >> > >> > Couldn't we add PTRACE_O_TRACESYSENTRY and PTRACE_O_TRACESYSEXIT along >> > the lines of PTRACE_O_TRACESYSGOOD? >> >> That might be a nice idea. I haven't written a test to see, but what >> does PTRACE_GETEVENTMSG return on syscall-enter/exit-stop? > > The value returned by PTRACE_GETEVENTMSG is the value set along with the > latest PTRACE_EVENT_*. > In case of syscall-enter/exit-stop (which is not a PTRACE_EVENT_*), > there is no particular value set for PTRACE_GETEVENTMSG. Could we define one to help distinguish? -Kees -- Kees Cook Chrome OS Security
