From ray at cyth.net Wed May 9 10:00:14 2007
From: ray at cyth.net (Ray Lai)
Date: Wed May 9 10:00:44 2007
Subject: [Systrace] Killing processes instead of returning -1 with errno = EPERM?
Message-ID: <20070509140037.GU4515@cybertron.cyth.net>

It's been bothering me that systrace denies system calls by returning -1 and setting errno to EPERM by default. For instance, getuid(2) cannot fail; with an incorrect systrace policy, it can. Another example is fstat(2): a program can check if (errno == EBADF); else if (errno == EFAULT); else /* must be EIO */; and go down an otherwise impossible code path.

One way to deny system calls without generating otherwise impossible failures is to kill the process. Processes die all the time without warning, whether due to a user doing kill -9 or the system shutting down. If a program is trying to make a denied system call, should it really be allowed to continue after the system call is blocked?

Thoughts?

-Ray-
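The fstat(2) error-path problem from the post, as an added C example that is not part of the original message or of systrace itself. classify_naive mirrors the pattern quoted in the post (anything that is not EBADF or EFAULT is assumed to be EIO), so an injected EPERM from a denying sandbox policy drives it down the "I/O error" branch. classify_hardened is the defensive counterpart: it handles only the errno values documented for fstat(2) and reports everything else as unexpected, so a caller can abort rather than continue on an impossible path. The enum names and the sample errno list are assumptions made for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical outcome codes for the classifiers (not from the original post). */
enum stat_outcome {
    STAT_OK = 0,
    STAT_BAD_FD,
    STAT_BAD_ADDR,
    STAT_IO_ERROR,     /* the "must be EIO" branch from the post */
    STAT_UNEXPECTED    /* only the hardened classifier returns this */
};

/* Naive classifier, mirroring the post's pattern: any errno other than
 * EBADF or EFAULT is assumed to be EIO. A sandbox that denies fstat(2)
 * with EPERM lands here and takes the "I/O error" path. */
enum stat_outcome classify_naive(int err)
{
    if (err == 0) return STAT_OK;
    if (err == EBADF) return STAT_BAD_FD;
    if (err == EFAULT) return STAT_BAD_ADDR;
    return STAT_IO_ERROR; /* "must be EIO" */
}

/* Hardened classifier: only errno values documented for fstat(2) get a
 * specific outcome; anything else (such as a sandbox-injected EPERM) is
 * surfaced as unexpected so the caller can fail closed. */
enum stat_outcome classify_hardened(int err)
{
    switch (err) {
    case 0:      return STAT_OK;
    case EBADF:  return STAT_BAD_FD;
    case EFAULT: return STAT_BAD_ADDR;
    case EIO:    return STAT_IO_ERROR;
    default:     return STAT_UNEXPECTED;
    }
}

/* Call fstat(2) on a descriptor and return the errno it produced (0 on success). */
int fstat_errno(int fd)
{
    struct stat st;
    errno = 0;
    if (fstat(fd, &st) == -1)
        return errno;
    return 0;
}

int main(void)
{
    /* Constructed sample of errno values, including the EPERM that a
     * denying systrace policy would inject. */
    int samples[] = { 0, EBADF, EFAULT, EIO, EPERM };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("errno=%-24s naive=%d hardened=%d\n",
               samples[i] ? strerror(samples[i]) : "(none)",
               classify_naive(samples[i]), classify_hardened(samples[i]));
    }

    /* A real call: descriptor -1 yields EBADF whether or not a sandbox is active. */
    printf("fstat(-1) -> %s\n", strerror(fstat_errno(-1)));
    return 0;
}
```

The naive classifier returns STAT_IO_ERROR for EPERM, which is exactly the "otherwise impossible code path" the post describes; the hardened one returns STAT_UNEXPECTED, giving the program a place to log and exit instead of acting on a corrupted assumption. Killing the process, as the post proposes, removes the need for every caller to get this right, but a default branch that fails closed is the cheap defence on the application side.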