[Systrace] trying systrace out

Steven James pyro at linuxlabs.com
Sat Jan 24 04:19:47 EST 2004 

Greetings,

This is linux 2.4.24. Now that I look for it, systrace is segfaulting.

bt on the core yields:
#0  strcmp (p1=0xbfffe377 "fsread", p2=0x0) at
../sysdeps/generic/strcmp.c:39
39            c2 = (unsigned char) *s2++;
(gdb) bt
#0  strcmp (p1=0xbfffe377 "fsread", p2=0x0) at
../sysdeps/generic/strcmp.c:39
#1  0x08057156 in linux_syscall_number (emulation=0xbfffe371 "linux",
name=0xbfffe377 "fsread") at linux-syscalls.c:166
#2  0x0804df42 in intercept_isvalidsystemcall (emulation=0xbfffe371
"linux", name=0xbfffe377 "fsread") at intercept.c:1012
#3  0x0805028a in systrace_policyprocess (policy=0x80825d0, p=0xbfffe37e "
filename eq \"/usr/root\" then permit") at policy.c:619
#4  0x08050729 in systrace_readpolicy (filename=0x806c880
"/root/.systrace/bin_ls") at policy.c:734
#5  0x0804fade in systrace_addpolicy (name=0x80824f0 "/bin/ls") at
policy.c:395
#6  0x080522e0 in execres_cb (fd=3, pid=13464, policynr=-1,
emulation=0x805e174 "linux", name=0x80824f0 "/bin/ls", arg=0x0) at
systrace.c:409
#7  0x0804dc2f in intercept_syscall_result (fd=3, pid=13464, seqnr=12,
policynr=2, name=0x805d636 "execve", code=11, emulation=0x805e174 "linux",
    args=0xbfffec78, argsize=12, result=0, rval=0xbfffed78) at
intercept.c:882
#8  0x08057c10 in linux_read (fd=3) at linux-syscalls.c:472
#9  0x0804d2ec in intercept_read (fd=3) at intercept.c:532
#10 0x08052a7e in systrace_read (fd=3, what=2, arg=0x0) at systrace.c:624
#11 0x08059c88 in event_process_active ()
#12 0x08059ded in event_loop ()
#13 0x08059ca5 in event_dispatch ()
#14 0x08053001 in main (argc=1, argv=0xbfffef1c) at systrace.c:790
#15 0x4003949d in __libc_start_main (main=0x8052aac <main>, argc=3,
ubp_av=0xbfffef14, init=0x805ade0 <__libc_csu_init>, fini=0x805ae10
<__libc_csu_fini>,
    rtld_fini=0x40012220 <_rtld_local>, stack_end=0x0) at
../sysdeps/generic/libc-start.c:152

G'day,
sjames


-------------------------steven james, director of research, linux labs
... ........ ..... ....                    230 peachtree st nw ste 2701
the original linux labs                             atlanta.ga.us 30303
      -since 1995                              http://www.linuxlabs.com
                                   office 404.577.7747 fax 404.577.7743
-----------------------------------------------------------------------


On Fri, 23 Jan 2004, marius aamodt eriksen wrote:

> * Steven James <pyro at linuxlabs.com> [040122 10:35]:
>
> > At any rate, systrace -A ls /etc performs as expected (reasonable policy
> > appears in ~/.systrace). However, after that, the same command or systrace
> > -a ls /etc fails immediatly with Killed.
>
> what kernel version?  also -- do you know if it is systrace which
> segfaults, or does that seem to be unrelated?  (are there any core
> files?)
>
> marius.
>
> --
> marius a eriksen <marius at monkey.org> | http://monkey.org/~marius/
>

More information about the systrace mailing list