[Systrace] Granularity of ioctl and fcntl
Niels Provos
provos at citi.umich.edu
Sat May 7 11:13:07 EDT 2005
On Mon, May 02, 2005 at 07:55:37PM +0200, Johannes Nicolai wrote:
> I have attached a little program to demonstrate how one can use
> fcntl (the same is true for ioctl) to kill an arbitrary process that
> you were also able to kill with the kill command. However, systrace
> only gives me the opportunity to deny or permit fcntl / ioctl at all
> but no translations are available to decide this regarding the flags
> for the system call.
I just committed code to NetBSD's version of systrace that translates
the command names of fcntl. Took about 5 minutes to write. I attached
the diff.
Niels.
Index: register.c
===================================================================
RCS file: /cvsroot/src/bin/systrace/register.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- register.c 3 Jun 2003 04:33:44 -0000 1.9
+++ register.c 7 May 2005 15:11:02 -0000 1.10
@@ -1,4 +1,4 @@
-/* $NetBSD: register.c,v 1.9 2003/06/03 04:33:44 provos Exp $ */
+/* $NetBSD: register.c,v 1.10 2005/05/07 15:11:02 provos Exp $ */
/* $OpenBSD: register.c,v 1.11 2002/08/05 14:49:27 provos Exp $ */
/*
* Copyright 2002 Niels Provos <provos at citi.umich.edu>
@@ -167,6 +167,8 @@
X(intercept_register_sccb("netbsd", "kill", trans_cb, NULL));
intercept_register_translation("netbsd", "kill", 0, &ic_pidname);
intercept_register_translation("netbsd", "kill", 1, &ic_signame);
+ X(intercept_register_sccb("netbsd", "fcntl", trans_cb, NULL));
+ intercept_register_translation("netbsd", "fcntl", 1, &ic_fcntlcmd);
#else
X(intercept_register_gencb(gen_cb, NULL));
X(intercept_register_sccb("native", "open", trans_cb, NULL));
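Review bot: Only argument 1 (cmd) of fcntl gets a translation here, and the same holds for the "native" registration in the second register.c hunk, while the third argument stays opaque; for F_SETOWN that argument is the pid that will receive SIGIO/SIGURG (per fcntl(2)), which is the process-targeting capability the original report is about, so a policy can still only permit or deny F_SETOWN as a whole rather than per target process the way kill already allows through ic_pidname on argument 0. Registering ic_pidname on argument 2 unconditionally would mislabel the flag or descriptor value the other commands carry, so a translation that consults cmd before rendering the third argument would be needed to close that gap. Until such a translation exists, a comment beside the registration, e.g. `/* arg 2 is command-dependent and deliberately untranslated */`, would make the limitation visible to policy authors.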
@@ -271,6 +273,8 @@
X(intercept_register_sccb("native", "kill", trans_cb, NULL));
intercept_register_translation("native", "kill", 0, &ic_pidname);
intercept_register_translation("native", "kill", 1, &ic_signame);
+ X(intercept_register_sccb("native", "fcntl", trans_cb, NULL));
+ intercept_register_translation("native", "fcntl", 1, &ic_fcntlcmd);
#endif
#if !(defined(__NetBSD__) && !defined(HAVE_LINUX_FCNTL_H))
Index: systrace-translate.c
===================================================================
RCS file: /cvsroot/src/bin/systrace/systrace-translate.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- systrace-translate.c 25 Mar 2003 23:15:22 -0000 1.11
+++ systrace-translate.c 7 May 2005 15:11:02 -0000 1.12
@@ -1,4 +1,4 @@
-/* $NetBSD: systrace-translate.c,v 1.11 2003/03/25 23:15:22 provos Exp $ */
+/* $NetBSD: systrace-translate.c,v 1.12 2005/05/07 15:11:02 provos Exp $ */
/* $OpenBSD: systrace-translate.c,v 1.10 2002/08/01 20:50:17 provos Exp $ */
/*
* Copyright 2002 Niels Provos <provos at citi.umich.edu>
@@ -72,6 +72,7 @@
static int print_uname(char *, size_t, struct intercept_translate *);
static int print_pidname(char *, size_t, struct intercept_translate *);
static int print_signame(char *, size_t, struct intercept_translate *);
+static int print_fcntlcmd(char *, size_t, struct intercept_translate *);
static int get_argv(struct intercept_translate *, int, pid_t, void *);
static int print_argv(char *, size_t, struct intercept_translate *);
@@ -389,6 +390,50 @@
}
static int
+print_fcntlcmd(char *buf, size_t buflen, struct intercept_translate *tl)
+{
+ int cmd = (intptr_t)tl->trans_addr;
+ char *name;
+
+ switch (cmd) {
+ case F_DUPFD:
+ name = "F_DUPFD";
+ break;
+ case F_GETFD:
+ name = "F_GETFD";
+ break;
+ case F_SETFD:
+ name = "F_SETFD";
+ break;
+ case F_GETFL:
+ name = "F_GETFL";
+ break;
+ case F_SETFL:
+ name = "F_SETFL";
+ break;
+ case F_GETOWN:
+ name = "F_GETOWN";
+ break;
+ case F_SETOWN:
+ name = "F_SETOWN";
+ break;
+ case F_CLOSEM:
+ name = "F_CLOSEM";
+ break;
+ case F_MAXFD:
+ name = "F_MAXFD";
+ break;
+ default:
+ snprintf(buf, buflen, "<unknown>: %d", cmd);
+ return (0);
+ }
+
+ snprintf(buf, buflen, "%s", name);
+ return (0);
+}
+
+
+static int
get_argv(struct intercept_translate *trans, int fd, pid_t pid, void *addr)
{
char *arg;
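Review bot: print_fcntlcmd has no case for the POSIX record-lock commands F_GETLK, F_SETLK and F_SETLKW, so they fall into the default branch and are rendered as `<unknown>: <number>`; a policy that wants to allow locking while denying F_SETOWN then has to match on a platform-specific integer instead of a stable name. Adding those three cases in the same `case F_xxx: name = "F_xxx"; break;` form as the existing ones would close the gap. The narrowing in `int cmd = (intptr_t)tl->trans_addr;` is harmless for the named commands, but on an LP64 target the default branch prints the truncated value rather than what the caller passed, so it is worth a short comment if that is intended. A one-line header comment above the definition, e.g. `/* Translate the fcntl(2) cmd argument into its symbolic name for policy matching. */`, would document the function's role alongside print_signame and print_pidname.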
@@ -500,3 +545,8 @@
"signame",
NULL, print_signame,
};
+
+struct intercept_translate ic_fcntlcmd = {
+ "cmd",
+ NULL, print_fcntlcmd,
+};
Index: systrace.h
===================================================================
RCS file: /cvsroot/src/bin/systrace/systrace.h,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- systrace.h 1 Dec 2004 03:30:07 -0000 1.17
+++ systrace.h 7 May 2005 15:11:02 -0000 1.18
@@ -1,4 +1,4 @@
-/* $NetBSD: systrace.h,v 1.17 2004/12/01 03:30:07 provos Exp $ */
+/* $NetBSD: systrace.h,v 1.18 2005/05/07 15:11:02 provos Exp $ */
/* $OpenBSD: systrace.h,v 1.14 2002/08/05 23:27:53 provos Exp $ */
/*
* Copyright 2002 Niels Provos <provos at citi.umich.edu>
@@ -232,6 +232,7 @@
extern struct intercept_translate ic_socktype;
extern struct intercept_translate ic_pidname;
extern struct intercept_translate ic_signame;
+extern struct intercept_translate ic_fcntlcmd;
extern struct intercept_translate ic_linux_oflags;