Re: hook of syscall

From: Pavel Machek (pavel@suse.cz)
Date: Fri Apr 21 2000 - 10:01:24 EST


Hi!

> > > yes, an example of changing system calls (temporarily) is in a timetravel
> > > module I wrote ages ago:
> >
> > > http://www.ocston.org/~tigran/tt/tt.html

Actually, I should be able to reimplement timetravel with less than 50
lines of Python code in userspace.......

........but I'd have a race there where apps would be able to see the
time in memory (with stat()) from a clone()d thread for a very short
time. I'd have to do stat in subterfugue to be completely safe. (But I
doubt applications will do very expensive tricks to have a 1% chance to
read the right time ;-).

> > Hmm. I've not looked at your beast yet, but I'm puzzled: you can intercept
> > userspace calls easily (you do not need to do it in the kernel in fact: take a look at
> > strace/ltrace/etc) but sometimes the kernel just calls sys_open directly! Is it
> > intercepted in your timetravel module as well?
>
> changing system calls implementation, i.e. replacing them (perhaps
> temporarily) is quite different from intercepting or more correctly
> "tracing" them, which is what strace/ltrace do. Tracing is a weak form of
> replacing, i.e. can be thought of as "replacing with a copy surrounded by
> a chunk of code that dumps some arguments, return codes etc."
>
> Have a look at tracesys: label in entry.S and at syscall_trace() function
> in arch/i386/kernel/ptrace.c to see what I am talking about.
>
> See the difference now?

Actually, we can do syscall modification with a strace-like thing
easily. Take a look at subterfugue.org.

Do you want to redirect all accesses from /etc to /tmp/foo/bar? No
problem, sf -t Scratch -t Arg:"p1=['/etc'];p2=['/tmp/foo/bar']" should
do the job for you.

> However, I know that intercepting (and not just tracing) can be done in
> userspace using LD_PRELOAD facility of shared libraries. This leaves one
> case where a kernel implementation is a "must" - statically linked
> binaries.

No. Subterfugue works well for that.

                                                                Pavel

-- 
The best software in life is free (not shareware)!		Pavel
GCM d? s-: !g p?:+ au- a--@ w+ v- C++@ UL+++ L++ N++ E++ W--- M- Y- R+

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
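
The LD_PRELOAD point in the thread turns on whether a binary is started through the dynamic loader, which is recorded in its ELF program headers. The following is an added example, not code from the original message or from subterfugue: a Python sketch that reads those headers and reports whether LD_PRELOAD interposition can apply, leaving a ptrace-based tracer or the kernel for the other cases. The function names and the sample builder `make_elf64` are hypothetical, and the sample images are constructed.

```python
import struct

PT_DYNAMIC, PT_INTERP = 2, 3  # p_type values from the ELF specification

def program_header_types(image):
    """Return the p_type of every program header in an ELF image (bytes)."""
    if len(image) < 52 or image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    endian = {1: "<", 2: ">"}.get(image[5])
    if image[4] not in (1, 2) or endian is None:
        raise ValueError("unknown EI_CLASS or EI_DATA")
    if image[4] == 2:  # ELFCLASS64: e_phoff at 32, e_phentsize/e_phnum at 54
        if len(image) < 64:
            raise ValueError("truncated ELF64 header")
        (phoff,) = struct.unpack_from(endian + "Q", image, 32)
        entsize, phnum = struct.unpack_from(endian + "HH", image, 54)
    else:              # ELFCLASS32: e_phoff at 28, e_phentsize/e_phnum at 42
        (phoff,) = struct.unpack_from(endian + "I", image, 28)
        entsize, phnum = struct.unpack_from(endian + "HH", image, 42)
    types = []
    for i in range(phnum):
        off = phoff + i * entsize
        if off + 4 > len(image):
            raise ValueError("program header table truncated")
        types.append(struct.unpack_from(endian + "I", image, off)[0])
    return types

def linkage(image):
    """'dynamic' if the kernel starts the binary through an interpreter
    (PT_INTERP); only then does ld.so run and read LD_PRELOAD."""
    types = program_header_types(image)
    if PT_INTERP in types:
        return "dynamic"
    return "static-pie" if PT_DYNAMIC in types else "static"

def ld_preload_applies(image):
    return linkage(image) == "dynamic"

def make_elf64(p_types):
    """Constructed sample: little-endian ELF64 header plus bare program headers."""
    ehdr = struct.pack("<4sBBB9xHHIQQQIHHHHHH", b"\x7fELF", 2, 1, 1,
                       2, 62, 1, 0, 64, 0, 0, 64, 56, len(p_types), 0, 0, 0)
    return ehdr + b"".join(struct.pack("<I52x", t) for t in p_types)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, linkage(f.read()))
```

Run against real files by passing their paths as arguments; a binary reported as `static` or `static-pie` never loads a preloaded library, so interposition has to happen at the syscall boundary instead.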


