[Systrace] Killing processes instead of returning -1 with errno = EPERM?
Ray Lai
ray at cyth.net
Wed May 9 10:00:14 EDT 2007
It's been bothering me that systrace denies system calls by returning
-1 and setting errno to EPERM by default. For instance, getuid(2)
cannot fail; with an incorrect systrace policy, it can. Another
example is fstat(2): a program can check if (errno == EBADF); else
if (errno == EFAULT); else /* must be EIO */; and go down an otherwise
impossible code path.
One way to deny system calls without generating otherwise impossible
failures is to kill the process. Processes die all the time without
warning, whether because a user ran kill -9 or because the system is
shutting down. If a program is trying to make a denied system call,
should it really be allowed to continue after the system call is
blocked?
Thoughts?
-Ray-
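As an added example (not part of Ray's post and not systrace code), the fstat(2) pattern the post describes, side by side with a wrapper that refuses to continue when a system call fails with an errno the program has no reason to expect, which is the userland counterpart of the "kill the process" proposal. The expected-errno set here is the one the post names (EBADF, EFAULT, EIO), not the full list from any manual page; the injected EPERM is simulated by passing it to the classifiers directly, since no policy is loaded.

```c
/* Added example (not from the post or from systrace): the fstat(2)
 * error-handling pattern the post describes, next to a wrapper that
 * treats any errno outside the expected set as a reason to stop.
 * Assumption: the expected set is the one named in the post
 * (EBADF, EFAULT, EIO); it is not the complete list from a manual page. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum fstat_outcome {
    FSTAT_OK,
    FSTAT_BAD_FD,      /* EBADF */
    FSTAT_BAD_ADDR,    /* EFAULT */
    FSTAT_IO_ERROR,    /* EIO */
    FSTAT_UNEXPECTED   /* any errno outside the expected set */
};

/* The pattern from the post: two explicit checks, then "must be EIO".
 * An errno a sandbox injects (EPERM here) silently becomes an I/O error. */
enum fstat_outcome classify_naive(int err)
{
    if (err == 0) return FSTAT_OK;
    if (err == EBADF) return FSTAT_BAD_FD;
    if (err == EFAULT) return FSTAT_BAD_ADDR;
    return FSTAT_IO_ERROR;   /* "must be EIO": not true under a denying policy */
}

/* Hardened variant: EIO is matched explicitly and everything else is
 * reported as unexpected so the caller can refuse to continue. */
enum fstat_outcome classify_hardened(int err)
{
    switch (err) {
    case 0:      return FSTAT_OK;
    case EBADF:  return FSTAT_BAD_FD;
    case EFAULT: return FSTAT_BAD_ADDR;
    case EIO:    return FSTAT_IO_ERROR;
    default:     return FSTAT_UNEXPECTED;
    }
}

/* Calls the real fstat(2) and classifies the result with the hardened
 * table. Returns FSTAT_UNEXPECTED instead of aborting so the caller
 * decides; a caller that cannot explain the failure should not go on. */
enum fstat_outcome checked_fstat(int fd, struct stat *st)
{
    if (fstat(fd, st) == 0)
        return FSTAT_OK;
    return classify_hardened(errno);
}

/* Probe helpers exercising checked_fstat() on real descriptors. */
enum fstat_outcome probe_bad_fd(void)
{
    struct stat st;
    return checked_fstat(-1, &st);   /* kernel answers EBADF */
}

enum fstat_outcome probe_pipe_fd(void)
{
    int fds[2];
    struct stat st;
    enum fstat_outcome r;
    if (pipe(fds) != 0)
        return FSTAT_UNEXPECTED;
    r = checked_fstat(fds[0], &st);  /* a valid descriptor: FSTAT_OK */
    close(fds[0]);
    close(fds[1]);
    return r;
}

int main(void)
{
    struct stat st;
    enum fstat_outcome r;

    /* What each classifier makes of an injected EPERM. */
    printf("naive(EPERM)    -> %d (FSTAT_IO_ERROR is %d)\n",
           classify_naive(EPERM), FSTAT_IO_ERROR);
    printf("hardened(EPERM) -> %d (FSTAT_UNEXPECTED is %d)\n",
           classify_hardened(EPERM), FSTAT_UNEXPECTED);

    r = checked_fstat(STDIN_FILENO, &st);
    if (r == FSTAT_UNEXPECTED) {
        /* The userland analogue of the post's proposal: stop rather than
         * continue down a path the program was never written for. */
        fprintf(stderr, "fstat: unexpected errno %d (%s), aborting\n",
                errno, strerror(errno));
        abort();
    }
    printf("fstat(stdin) -> %d\n", r);
    return 0;
}
```

The naive classifier is the post's "else /* must be EIO */" branch; under a policy that answers EPERM it reports a disk error that never happened. The hardened wrapper cannot make getuid(2) or fstat(2) un-deniable, but it turns the impossible path into a deliberate stop, which is the behaviour the post argues the sandbox itself should provide.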