NetBSD-Bugs archive


kern/45312: ptrace: PT_SETREGS can't alter system calls



>Number:         45312
>Category:       kern
>Synopsis:       ptrace: PT_SETREGS can't alter system calls
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Aug 30 01:40:01 +0000 2011
>Originator:     Jared McNeill
>Release:        5.1_STABLE
>Organization:
>Environment:
NetBSD ironhide 5.1_STABLE NetBSD 5.1_STABLE (GENERIC) #0: Mon Aug 29 14:18:51 EDT 2011  jmcneill%ramjet.invisible.ca@localhost:/home/jmcneill/branches/netbsd-5/src/sys/arch/i386/compile/obj/GENERIC i386

>Description:
It's not possible using a combination of PT_SYSCALL / PT_GETREGS / PT_SETREGS 
to catch and modify a system call. Try capturing a syscall, change the syscall 
number (e.g. "regs.r_eax = SYS_getpid" on i386) and see that the original 
syscall isn't intercepted.

It looks like the same issue was present in FreeBSD. Here's the relevant 
problem report:

http://www.freebsd.org/cgi/query-pr.cgi?pr=142958&cat=

The test case in that bug report reproduces the problem on NetBSD also.
>How-To-Repeat:
$ ftp http://alip.github.com/code/ptrace-freebsd-deny.c
$ cc ptrace-freebsd-deny.c
$ ./a.out
sorry, pid 2900 was killed: orphaned traced process
$ ls -l foo.bar
--wsr-----  1 jmcneill  users  0 Aug 29 21:36 foo.bar

This file shouldn't have been created.
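The tracer pattern the report describes, written out as an added example (it is not the PR's test case, not the linked FreeBSD program, and not NetBSD code): the parent uses PT_SYSCALL to stop its child at every syscall boundary, PT_GETREGS to read the syscall number out of eax on NetBSD/i386, and PT_SETREGS to turn a forbidden open(2) into getpid(2) at entry and to fake an EPERM return at exit. On a kernel with this bug the rewrite is ignored and foo.bar appears; on a kernel where PT_SETREGS takes effect at the syscall stop, the child's open() fails and the file is not created. The portable part is the deny-list policy; the ptrace loop is compiled only on NetBSD. The entry/exit toggle (5.1 offers no other way to tell the two stops apart), the first-SIGTRAP-is-an-entry assumption, and the i386 error convention (carry flag set via PSL_C, errno in eax) are assumptions about NetBSD/i386 that the report itself does not state.

```c
/* Added example, not from the PR or NetBSD: deny open(2) in a traced child
 * with PT_SYSCALL / PT_GETREGS / PT_SETREGS. The policy is portable C; the
 * tracer is NetBSD/i386 specific (struct reg, r_eax, r_eflags, PSL_C). */
#include <stddef.h>
#include <stdio.h>

struct syscall_policy {
    const int *deny;     /* syscall numbers that must not run */
    size_t ndeny;
    int substitute;      /* harmless syscall to run instead, e.g. SYS_getpid */
};

/* Returns the syscall number the tracee should actually execute: the
 * substitute when `sysno` is on the deny list (*denied = 1), otherwise
 * `sysno` unchanged (*denied = 0). */
int policy_rewrite(const struct syscall_policy *p, int sysno, int *denied)
{
    for (size_t i = 0; i < p->ndeny; i++) {
        if (p->deny[i] == sysno) {
            *denied = 1;
            return p->substitute;
        }
    }
    *denied = 0;
    return sysno;
}

#ifdef __NetBSD__
#include <sys/types.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <machine/reg.h>
#include <machine/psl.h>
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <unistd.h>

int main(void)
{
    static const int deny[] = { SYS_open };
    struct syscall_policy pol = { deny, 1, SYS_getpid };
    struct reg regs;
    int status, denied = 0, entry = 1;
    pid_t pid = fork();

    if (pid == -1) {
        perror("fork");
        return 1;
    }
    if (pid == 0) {
        /* Tracee: request tracing, stop so the parent can start its
         * PT_SYSCALL loop, then attempt the open() the policy forbids. */
        if (ptrace(PT_TRACE_ME, 0, NULL, 0) == -1)
            _exit(127);
        raise(SIGSTOP);
        int fd = open("foo.bar", O_WRONLY | O_CREAT, 0600);
        _exit(fd == -1 ? 0 : 1);   /* 0 = open was refused, as intended */
    }
    if (waitpid(pid, &status, 0) == -1 || !WIFSTOPPED(status)) {
        perror("waitpid");
        return 1;
    }
    for (;;) {
        /* addr == (void *)1: resume where the tracee stopped; data == 0:
         * deliver no signal (this swallows the initial SIGSTOP). */
        if (ptrace(PT_SYSCALL, pid, (void *)1, 0) == -1) {
            perror("PT_SYSCALL");
            break;
        }
        if (waitpid(pid, &status, 0) == -1 || WIFEXITED(status))
            break;
        if (!WIFSTOPPED(status) || WSTOPSIG(status) != SIGTRAP)
            continue;
        if (ptrace(PT_GETREGS, pid, &regs, 0) == -1) {
            perror("PT_GETREGS");
            break;
        }
        if (entry) {
            /* Syscall entry: on i386 the number is in eax. Rewriting it
             * here is exactly the step the PR says is ignored on 5.1. */
            int newno = policy_rewrite(&pol, regs.r_eax, &denied);
            if (denied) {
                printf("denying syscall %d, running %d instead\n", regs.r_eax, newno);
                regs.r_eax = newno;
                if (ptrace(PT_SETREGS, pid, &regs, 0) == -1)
                    perror("PT_SETREGS");
            }
        } else if (denied) {
            /* Exit of the denied call: make libc see an error. Assumption:
             * NetBSD/i386 signals failure with carry set and errno in eax. */
            regs.r_eax = EPERM;
            regs.r_eflags |= PSL_C;
            if (ptrace(PT_SETREGS, pid, &regs, 0) == -1)
                perror("PT_SETREGS");
            denied = 0;
        }
        /* Assumption: stops alternate entry/exit, first SIGTRAP is an entry. */
        entry = !entry;
    }
    if (access("foo.bar", F_OK) == 0) {
        printf("FAIL: foo.bar exists, PT_SETREGS did not alter the syscall\n");
        return 1;
    }
    printf("OK: open(2) was blocked\n");
    return 0;
}
#endif /* __NetBSD__ */
```

Run it in an empty directory on NetBSD/i386 (`cc deny.c && ./a.out`); a kernel with this bug prints the "denying" line and then FAIL, because the number written with PT_SETREGS never reaches the syscall dispatcher. Note that rewriting eax at entry is only half of a deny: without the exit-stop fixup the substitute getpid() returns a positive number, and the tracee's open() would appear to succeed with a bogus descriptor.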
>Fix:


