Hi,
while getting familiar with OpenBSD, I've noticed a utility called systrace
(http://www.citi.umich.edu/u/provos/systrace/, http://www.systrace.org/). This
application can alter behavior of syscalls on a simple rules basis; it can
operate on various backends and systems: it's native in OpenBSD and NetBSD, it
has a generic ptrace backend (yes, I know that's not really safe) and it has a
Linux kernel patch.
The latest Linux kernel patch I've found was for 2.6.13.4; I've found no mention
of systrace whatsoever when searching through LKML, so I've decided to try my
best and upgrade it to 2.6.19.
Please see the attached patch; it basically only fixes what didn't apply
cleanly with the old patch. It's been vaguely tested and it appears to work
as expected.
As I'm not the author, nor do I understand exactly the internals, I'd merely
like to ask someone to look at it, comment on it, perhaps even fix it; in the most
optimistic thoughts, maintain it.
My thought on the patch is that linux_sysent.c could be replaced by something
way cleaner. Also, I'm not entirely certain whether it should be in drivers/
instead of security/. Last but definitely not least, only x86 asm code is
available, so it'd have to be ported to other architectures as well.
Thanks in advance for any reply.
PS.: Please, CC me, I'm off-list.
PPS.: To build the systrace userland application to use the Linux kernel backend,
ensure that the configure script has access to systrace header files.