system-calls

Preventing processes from executing certain system calls

给你一囗甜甜゛ submitted on 2020-02-26 07:31:22
Question: I'm writing a program that spawns child processes. For security reasons, I want to limit what these processes can do. I know of security measures from outside the program such as chroot or ulimit, but I want to do something more than that. I want to limit the system calls done by the child process (for example preventing calls to open(), fork() and such things). Is there any way to do that? Optimally, the blocked system calls should return with an error but if that's not possible, then

Relationship slow system call with signal

被刻印的时光 ゝ submitted on 2020-02-25 01:42:08
Question: I'm learning about slow system calls and signals. On a normal system, a slow system call (read from a terminal device) can block forever. In the example below, it is possible for the read to time out after some amount of time. But when I executed it, the timeout does nothing. I can't understand why. Could you explain and show me another example of a slow system call? #include <stdio.h> #include <signal.h> #include <unistd.h> static void sig_alrm(int signo){ } int main(){ int n; char line[50]; if(signal

Relationship slow system call with signal

心不动则不痛 submitted on 2020-02-25 01:40:53
Question: I'm learning about slow system calls and signals. On a normal system, a slow system call (read from a terminal device) can block forever. In the example below, it is possible for the read to time out after some amount of time. But when I executed it, the timeout does nothing. I can't understand why. Could you explain and show me another example of a slow system call? #include <stdio.h> #include <signal.h> #include <unistd.h> static void sig_alrm(int signo){ } int main(){ int n; char line[50]; if(signal

Relationship slow system call with signal

谁说胖子不能爱 submitted on 2020-02-25 01:40:32
Question: I'm learning about slow system calls and signals. On a normal system, a slow system call (read from a terminal device) can block forever. In the example below, it is possible for the read to time out after some amount of time. But when I executed it, the timeout does nothing. I can't understand why. Could you explain and show me another example of a slow system call? #include <stdio.h> #include <signal.h> #include <unistd.h> static void sig_alrm(int signo){ } int main(){ int n; char line[50]; if(signal

How to write to protected pages in the Linux kernel?

纵然是瞬间 submitted on 2020-02-24 13:48:05
Question: I am trying to add a syscall in a module. My rationale is: This is for a research project, so the exact implementation does not matter. Adding syscalls in the kernel-core takes a prohibitively long time to re-compile. I can suck up compiling once with an expanded syscall table, but not every time. Even with incremental compiling, linking and archiving the final binary takes a long time. Since the project is timing sensitive, using kprobes to intercept the syscall handler would slow down the

Can ptrace tell if an x86 system call used the 64-bit or 32-bit ABI?

倾然丶 夕夏残阳落幕 submitted on 2020-02-24 04:46:04
Question: I'm trying to use ptrace to trace all syscalls made by a separate process, be it 32-bit (IA-32) or 64-bit (x86-64). My tracer would run on a 64-bit x86 installation with IA-32 emulation enabled, but ideally would be able to trace both 64-bit and 32-bit applications, including if a 64-bit application forks and execs a 32-bit process. The issue is that, since 32-bit and 64-bit syscall numbers differ, I need to know whether a process is 32-bit or 64-bit to determine which syscall it used, even

System call hooking example arguments are incorrect

馋奶兔 submitted on 2020-02-15 07:57:47
Question: I wrote an example of system call hooking from our Linux kernel module. I updated the open system call in the system call table to use my entry point instead of the default. #include <linux/module.h> #include <linux/kallsyms.h> MODULE_LICENSE("GPL"); char *sym_name = "sys_call_table"; typedef asmlinkage long (*sys_call_ptr_t)(const struct pt_regs *); static sys_call_ptr_t *sys_call_table; typedef asmlinkage long (*custom_open) (const char __user *filename, int flags, umode_t mode); custom_open old_open

System call hooking example arguments are incorrect

烈酒焚心 submitted on 2020-02-15 07:55:47
Question: I wrote an example of system call hooking from our Linux kernel module. I updated the open system call in the system call table to use my entry point instead of the default. #include <linux/module.h> #include <linux/kallsyms.h> MODULE_LICENSE("GPL"); char *sym_name = "sys_call_table"; typedef asmlinkage long (*sys_call_ptr_t)(const struct pt_regs *); static sys_call_ptr_t *sys_call_table; typedef asmlinkage long (*custom_open) (const char __user *filename, int flags, umode_t mode); custom_open old_open

x86 Assembly: Before Making a System Call on Linux Should You Save All Registers?

不问归期 submitted on 2020-02-10 09:00:42
Question: I have the below code that opens up a file, reads it into a buffer and then closes the file. The close file system call requires that the file descriptor number be in the ebx register. The ebx register gets the file descriptor number before the read system call is made. My question is: should I save the ebx register on the stack or somewhere before I make the read system call (could int 80h trash the ebx register?), and then restore the ebx register for the close system call? Or is the code I

x86 Assembly: Before Making a System Call on Linux Should You Save All Registers?

久未见 submitted on 2020-02-10 08:58:41
Question: I have the below code that opens up a file, reads it into a buffer and then closes the file. The close file system call requires that the file descriptor number be in the ebx register. The ebx register gets the file descriptor number before the read system call is made. My question is: should I save the ebx register on the stack or somewhere before I make the read system call (could int 80h trash the ebx register?), and then restore the ebx register for the close system call? Or is the code I