Re: [EXAMPLE CODE] Parasite thread injection and TCP connection hijacking

From: Tejun Heo
Date: Sat Aug 06 2011 - 09:21:12 EST


Hello,

On Sat, Aug 06, 2011 at 09:15:45AM -0400, Andrew Lutomirski wrote:
> On Sat, Aug 6, 2011 at 9:00 AM, Tejun Heo <tj@xxxxxxxxxx> wrote:
> > Actually, the only thing we need on x86_64 is two bytes for the
> > syscall instruction because all params are passed through registers
> > anyway.  We can just set up parameters for mmap, turn on single step,
> > point %rip to syscall in the vsyscall page.  So, either way, I don't
> > think this would be too difficult to solve.
>
> Not any more -- that syscall instruction is gone as of 3.1. You could
> search through the vdso to find a syscall, but that seems fragile.
>
> Why not just add a ptrace command to issue a syscall?

Yeah, maybe, if this thing proves to be useful enough and looking for
a page to poke under proc proves too cumbersome. I'm not against it but
don't really see a strong need either at this point.

Thanks.

--
tejun