wrapping dynamic syscalls with wrap(1) (was: safety-rm)
Craig Boston
cb at severious.net
Thu Sep 27 07:16:18 PDT 2007
On Thu, Sep 27, 2007 at 03:55:19PM +0200, cpghost wrote:
> Ideally, users should have a generic way to wrap syscalls (or
> other dynamic library calls) with a program similar to env(1),
> let's call it wrap(1). A call to wrap(1):
Anyone who implements this should be aware of the security issues
surrounding system-call wrapping:
http://www.watson.org/~robert/2007woot/
The short version is that it's extremely difficult to safely wrap system
calls, and probably impossible without kernel support.
Craig
More information about the freebsd-current
mailing list