> It prevents me from using ptrace() to override a syscall :(
Short answer:
Grab a 2.3.24 kernel and use that. ptrace() can write on ORIG_EAX
in that kernel.
Long answer:
If you just patch your 2.2.13 kernel and remove the offending lines,
then it will work for friendly programs, but have a security hole
if the user overwrites ORIG_EAX with an illegal value. Look at
arch/i386/kernel/entry.S, entry point "tracesys", in 2.2.13 and
2.3.24 and compare. You need the 2.3.24 version.
The systm call entry code used to not tolerate changes to ORIG_EAX
and I believe that's why ptrace forbade it. That code got re-factored
about 2.1.9 so the original stumbling block is long since in the
ash can of history.
I'm curious, what are you overriding syscalls for? I am doing it for
a trace-and-replay debugger.
Michael
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/