[Systrace] linux binaries in shell scripts
Niels Provos
provos at citi.umich.edu
Mon Jan 19 13:12:38 EST 2004
On Sat, Jan 17, 2004 at 12:26:05AM +0100, Nikolay Sturm wrote:
> On OpenBSD-current, if a shell script is executed under systrace and
> then starts a linux binary, systrace seems broken. To reproduce,
> use the policy file at the end of this mail and do sth like
>
> systrace -a -i -f systrace.policy /usr/local/bin/acroread --help
>
> In OpenBSD 3.4 acroread happily produces the desired output, while in
> -current it produces these log entries:
>
> systrace: deny user: sturm, prog: /usr/local/bin/acroread, pid: 11739(0)[0], policy: /usr/local/bin/acroread, filters: 130, syscall: native-settimeofday(122), args: 4
>
> systrace: deny user: sturm, prog: /usr/local/bin/acroread, pid: 11739(0)[0], policy: /usr/local/bin/acroread, filters: 130, syscall: native-compat_43_okillpg(146), args: 12
>
> I traced this back to a commit in October 2003 to "fix a race condition
> between path resolution in userland and the subsequent namei()".
Hmm. It looks to me as if the switch between emulations is not
reported correctly by the kernel. This should be unrelated to
the symlink stuff. A fix should be simple. I will look into it.
Niels.
More information about the systrace
mailing list