NetBSD-Bugs archive


kern/45312: ptrace: PT_SETREGS can't alter system calls

>Number:         45312
>Category:       kern
>Synopsis:       ptrace: PT_SETREGS can't alter system calls
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Aug 30 01:40:01 +0000 2011
>Originator:     Jared McNeill
>Release:        5.1_STABLE
NetBSD ironhide 5.1_STABLE NetBSD 5.1_STABLE (GENERIC) #0: Mon Aug 29 14:18:51 EDT 2011

It's not possible using a combination of PT_SYSCALL / PT_GETREGS / PT_SETREGS 
to catch and modify a system call. Try capturing a syscall, change the syscall 
number (f.e. "regs.r_eax = SYS_getpid" on i386) and see that the original 
syscall isn't intercepted.

It looks like the same issue was present in FreeBSD. Here's the relevant 
problem report:

The test case in that bug report reproduces the problem on NetBSD also.
$ ftp
$ cc ptrace-freebsd-deny.c
$ ./a.out
sorry, pid 2900 was killed: orphaned traced process
$ ls -l
--wsr-----  1 jmcneill  users  0 Aug 29 21:36

This file shouldn't have been created.
