Subject: Re: Capturing System Calls
From: Oliver Friedrichs (ofriedrichs@SECURITYFOCUS.COM)
Date: Thu Jun 22 2000 - 12:27:34 CDT


If you only want to see what a program is doing, use 'truss' on Solaris,
'ktrace' on BSD.

DESCRIPTION
     The truss utility executes the specified command and pro-
     duces a trace of the system calls it performs, the signals
     it receives, and the machine faults it incurs. Each line of
     the trace output reports either the fault or signal name or
     the system call name with its arguments and return value(s).
     System call arguments are displayed symbolically when possi-

If you want to interactively trace the process, use the 'ptrace()' system
call.

- Oliver

> -----Original Message-----
> From: Green Charles Contr AFRL/IFGB [mailto:Charles.Green@RL.AF.MIL]
> Sent: Thursday, June 22, 2000 9:23 AM
> To: VULN-DEV@SECURITYFOCUS.COM
> Subject: Capturing System Calls
>
>
> On UNIX Systems, (FreeBSD, Linux, Solaris) is there a way to
> capture/modify
> system calls from an application without modifying the
> kernel (or
> using kernel modules) - preferably in userspace? The reason I
> ask is that a
> group of us are being asked to evaluate a piece of software
> for my company
> but they've put some heavy restrictions on how we do it. One of the
> restrictions is that we're not allowed to modify the kernel.
>
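As an added example (not code from Oliver's message, the list, or any of the tools he names), here is a minimal Linux tracer built on the ptrace() interface he points to. It answers the original question's "capture" half in userspace: the target program is run under PTRACE_SYSCALL, the tracer stops at every system-call entry, reads the syscall number out of the tracee's registers and prints it, with no kernel changes or modules. It assumes Linux on x86-64 or aarch64 (truss and ktrace are the Solaris/BSD equivalents and are not used here), and /bin/true is only an assumed sample target; pass another program as arguments to trace it instead.

```c
/*
 * Added example: a minimal ptrace()-based system call tracer for Linux.
 * Assumes Linux on x86-64 or aarch64; /bin/true is an assumed sample target.
 */
#define _GNU_SOURCE
#include <elf.h>
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Names for a few common syscalls; anything else is printed by number only. */
const char *syscall_name(long nr) {
    switch (nr) {
    case SYS_read:       return "read";
    case SYS_write:      return "write";
    case SYS_close:      return "close";
    case SYS_mprotect:   return "mprotect";
    case SYS_brk:        return "brk";
    case SYS_execve:     return "execve";
    case SYS_exit_group: return "exit_group";
#ifdef SYS_openat
    case SYS_openat:     return "openat";
#endif
#ifdef SYS_mmap
    case SYS_mmap:       return "mmap";
#endif
    default:             return "?";
    }
}

/* Read the syscall number of a tracee that is stopped at a syscall-entry stop. */
static long get_syscall_nr(pid_t pid) {
#if defined(__x86_64__)
    struct user_regs_struct regs;
    if (ptrace(PTRACE_GETREGS, pid, 0, &regs) == -1) return -1;
    return (long)regs.orig_rax;              /* x86-64 keeps the number in orig_rax */
#elif defined(__aarch64__)
    struct user_regs_struct regs;
    struct iovec iov = { .iov_base = &regs, .iov_len = sizeof regs };
    if (ptrace(PTRACE_GETREGSET, pid, (void *)NT_PRSTATUS, &iov) == -1) return -1;
    return (long)regs.regs[8];               /* aarch64 passes the number in x8 */
#else
    (void)pid; errno = ENOSYS; return -1;    /* register layout not handled here */
#endif
}

/*
 * Run argv[0] under ptrace and print every system call it enters.
 * Returns the number of syscall entries observed, or -1 if tracing could
 * not be set up (for example when ptrace is disallowed in a sandbox).
 */
long trace_syscalls(char *const argv[]) {
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, 0, 0) == -1) _exit(127);
        raise(SIGSTOP);                   /* let the parent set options before exec */
        execv(argv[0], argv);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) == -1 || !WIFSTOPPED(status))
        return -1;                        /* child never stopped: ptrace was refused */
    /* TRACESYSGOOD marks syscall stops with SIGTRAP|0x80 so they are not confused
       with ordinary SIGTRAPs; EXITKILL kills the tracee if the tracer dies. */
    if (ptrace(PTRACE_SETOPTIONS, pid, 0,
               (void *)(PTRACE_O_TRACESYSGOOD | PTRACE_O_EXITKILL)) == -1) {
        kill(pid, SIGKILL);
        return -1;
    }
    long count = 0;
    int in_syscall = 0, sig = 0;
    for (;;) {
        /* Resume until the next syscall entry/exit, delivering any pending signal. */
        if (ptrace(PTRACE_SYSCALL, pid, 0, (void *)(long)sig) == -1) return -1;
        if (waitpid(pid, &status, 0) == -1) return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status)) break;
        sig = 0;
        if (!WIFSTOPPED(status)) continue;
        int s = WSTOPSIG(status);
        if (s == (SIGTRAP | 0x80)) {
            in_syscall = !in_syscall;     /* stops alternate: entry, exit, entry, ... */
            if (in_syscall) {
                long nr = get_syscall_nr(pid);
                fprintf(stderr, "[%d] syscall %ld (%s)\n", (int)pid, nr, syscall_name(nr));
                count++;
            }
        } else if (s != SIGTRAP) {
            sig = s;                      /* forward real signals to the tracee */
        }
    }
    return count;
}

int main(int argc, char *argv[]) {
    char *const demo[] = { "/bin/true", NULL };   /* assumed sample target */
    char *const *target = argc > 1 ? argv + 1 : demo;
    long n = trace_syscalls(target);
    if (n < 0) { perror("trace_syscalls"); return 1; }
    fprintf(stderr, "%ld system calls entered\n", n);
    return 0;
}
```

The tracer only observes: it reads registers at each entry stop and lets the call proceed unchanged. Because the tracee is stopped at that point, the same interface also lets a tracer inspect arguments (PTRACE_PEEKDATA) or adjust registers (PTRACE_SETREGS) before the kernel acts on them, which is how userspace tools implement the "modify" half of the question without touching the kernel; that part is left out here to keep the example small.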