Stop further socket() or connect() calls.
mal content
artifact.one at googlemail.com
Wed Jul 5 17:05:35 UTC 2006
On 05/07/06, Daan Vreeken [PA4DAN] <Danovitsch at vitsch.net> wrote:
> On Wednesday 05 July 2006 03:15, mal content wrote:
> > On 03/07/06, Peter Jeremy <peterjeremy at optushome.com.au> wrote:
> > > For dynamic executables, you could LD_PRELOAD a .so that replaces
> > > all the socket-related syscalls.
> >
> > Excellent suggestion! Ok, I've created a basic .so file with the following
> > code, but I've basically got stuck because I don't know how the original
> > syscalls are defined and can't find the definitions in the source:
> >
> > ---
> > #include <sys/syscall.h>
> > #include <sys/types.h>
> > #include <sys/socket.h>
> >
> > int socket(int d, int t, int prot)
> > {
> > return __syscall(SYS_socket, d, t, prot);
> > }
> > [ ... ]
>
> Wouldn't this still allow a program to open sockets when the program does the
> __syscall() dance for itself instead of relying on socket() to work?
> I have never tried MAC myself, so correct me if I'm wrong, but I think
> something like this could be done using a modified version of mac_portacl(4).
Yes, it would. It's not meant as a security measure, more a sort of 'make this
app misbehave' for testing purposes. Seems to be working well anyway now.
MC
More information about the freebsd-hackers
mailing list