On Sat, Aug 19, 2000 at 03:37:07AM +0200, Julien Oster wrote:
> int new_execve (struct pt_regs regs) {
> return real_execve (regs);
> }
>
> real_execve is a function pointer initialized from the old entry in the
> sys_call_table. Everything seems correct.
execve manipulates the struct pt_regs on the stack but you're passing a
copy of the struct pt_regs to it, so sys_execve will manipulate that one
and leave the real stackframe unchanged. As the result the syscall
will return to the address it got called from - but in the new program -
and not to the entry of the new process.
Fix: don't call sys_execve() yourself, instead copy it's code into your
function new_execve. Have fun because you're tampering with architecture
dependant code, so you'll have to fix that once for every architecture.
But how about using ptrace(2) insted? No kernel changes ...
Ralf
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Aug 23 2000 - 21:00:06 EST