using ptrace for system calls filter
Recently i just develop an online compiler system ,taking the server security into account . For example,if the user use the fork() syscall,and it will cause the server unsafe,the ptrace syscall can realize the system calls filter, if the daemon find the unsafe syscalls kill the process!ptrace is a system call found in several Unix and Unix-like operating systems. By using ptrace (the name is a abbreviation of "process trace") one process can control another, enabling the controller to inspect and manipulate the internal state of its target. ptrace is used by debuggers and other code-analysis tools, mostly as aids to software development.
ptrace is used by debuggers (such as gdb and dbx), by tracing tools like strace and ltrace, and by code coverage tools. ptrace is also used by specialised programs to patch running programs, to avoid unfixed bugs or to overcome security features.
#include <sys/ptrace.h>
long ptrace(enum __ptrace_request request, pid_t pid, void
*addr, void *data);
the example code !
- #include <sys/ptrace.h>
- #include <sys/types.h>
- #include <sys/wait.h>
- #include <unistd.h>
- #include <linux/user.h> /* For constants
- ORIG_EAX etc */
- int main()
- { pid_t child;
- long orig_eax;
- child = fork();
- if(child == 0) {
- ptrace(PTRACE_TRACEME, 0, NULL, NULL);
- execl("/bin/ls", "ls", NULL);
- }
- else {
- wait(NULL);
- orig_eax = ptrace(PTRACE_PEEKUSER,
- child, 4 * ORIG_EAX,
- NULL);
- printf("The child made a "
- "system call %ld\n", orig_eax);
- ptrace(PTRACE_CONT, child, NULL, NULL);
- }
- return 0;
- }When run, this program prints:The child made a system call 11along with the output of ls. System call number 11 is execve, and it's the first system call executed by the child. For reference, system call numbers can be found in /usr/include/asm/unistd.h.it's cool!
reference
http://linux.die.net/man/2/ptrace
http://www.linuxjournal.com/article/6100
没有评论:
发表评论