Subject: Re: Capturing System Calls
From: Pavel Kankovsky (peakARGO.TROJA.MFF.CUNI.CZ)
Date: Thu Jun 22 2000 - 13:18:10 CDT


On Thu, 22 Jun 2000, Ryan Permeh wrote:

> This doesn't allow you to modify, just monitor, and it is strictly
> noninteractive (i.e., you can't break on specific system calls, etc.).

Subterfugue (http://subterfugue.org/) can do virtually anything
(modify syscall parameters, ask a user whether a particular operation is
allowed, etc.) but it needs a recent Linux kernel (older implementations of
ptrace() have too many shortcomings).

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
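
The kind of ptrace() interception this reply describes, as an added example that is not part of the original message and is not Subterfugue's code: a tracer that vetoes one system call in a child by rewriting its registers at syscall entry and exit. It assumes Linux on x86_64; `trace_and_deny`, `tracee` and the /tmp path are names made up for the illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed tracee: tries to create a directory, exits 0 only if refused with EPERM. */
static void tracee(const char *path) {
    if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(2);
    raise(SIGSTOP);                       /* wait until the tracer has set its options */
    long r = syscall(SYS_mkdirat, AT_FDCWD, path, 0700);
    _exit(r == -1 && errno == EPERM ? 0 : 1);
}

/* Forks the tracee and vetoes every call to syscall number deny_nr.
   Returns the number of vetoed calls, or -1 if the tracee did not see EPERM. */
int trace_and_deny(long deny_nr, const char *path) {
    int status, denied = 0, in_call = 0, veto = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) tracee(path);
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)(PTRACE_O_TRACESYSGOOD | PTRACE_O_EXITKILL));
    for (;;) {
        ptrace(PTRACE_SYSCALL, pid, NULL, NULL);   /* run to next syscall entry/exit */
        if (waitpid(pid, &status, 0) < 0 || WIFSIGNALED(status)) return -1;
        if (WIFEXITED(status)) return WEXITSTATUS(status) == 0 ? denied : -1;
        if (WSTOPSIG(status) != (SIGTRAP | 0x80)) continue;  /* other stop: signal dropped */
        struct user_regs_struct regs;
        ptrace(PTRACE_GETREGS, pid, NULL, &regs);
        in_call = !in_call;                        /* stops alternate entry, exit */
        if (in_call && (long)regs.orig_rax == deny_nr) {
            regs.orig_rax = -1;                    /* invalid number: kernel skips the call */
            ptrace(PTRACE_SETREGS, pid, NULL, &regs);
            veto = 1;
        } else if (!in_call && veto) {
            regs.rax = -EPERM;                     /* replace -ENOSYS with the policy result */
            ptrace(PTRACE_SETREGS, pid, NULL, &regs);
            denied++; veto = 0;
        }
    }
}

int main(void) { return trace_and_deny(SYS_mkdirat, "/tmp/ptrace_veto_demo") == 1 ? 0 : 1; }
```
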