[RFC] GSoC 2017 proposal draft: advanced syscall tampering and filtering with Lua

Eugene Syromyatnikov evgsyr at gmail.com
Mon Apr 3 12:02:19 UTC 2017


On Thu, Mar 30, 2017 at 5:56 PM, Victor Krapivensky
<krapivenskiy.va at phystech.edu> wrote:
> On Thu, Mar 30, 2017 at 05:28:55AM +0200, Eugene Syromyatnikov wrote:
>> The one quite interesting aspect, from my point of view, is the way you
>> expect to access (and modify) argument data. For example, some syscalls
>> (like sendmsg or evdev/dm ioctls or siginfo-related ones) have quite
>> non-trivial argument semantics — pointers upon pointers upon pointers;
>> related decoders have quite a significant amount of code in order to
>> retrieve them. Note also that argument decoding also depends on the
>> tracee's ABI and the values of other arguments (various "dispatcher"
>> calls like ioctl or prctl are a good example). Do you have any ideas
>> regarding the subject?
>
> But it is still possible to access such arguments by means of FFI
> library -- one just needs ptr_to_kulong() and information on current
> architecture/personality. And what's the problem with the "dispatcher"
> calls?
>
> A Lua library that provides definitions of various structures and
> decodes syscalls can later be implemented on top of that, but this is
> not a part of my proposal.

The problem with accessing data is that you should replicate all the
decoder's knowledge regarding argument semantics in Lua in order to
access them properly. But it looks like this is indeed outside the
scope of your proposal, so let's keep it this way.




-- 
Eugene Syromyatnikov
mailto:evgsyr at gmail.com
xmpp:esyr at jabber.{ru|org}
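
An added illustration of the point discussed in this thread (not code from strace or from either poster): following a sendmsg() argument through msghdr, msg_iov[] and iov_base, where every offset depends on the tracee's word size. It assumes a little-endian tracee and the Linux msghdr/iovec layouts; the memory images are constructed, addresses are offsets into them, and all names are hypothetical.

```c
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for tracee memory: addresses are offsets into bytes[]. */
struct tracee_mem { const uint8_t *bytes; size_t size; };

/* Read one little-endian tracee word (ws = 4 or 8 per personality); -1 on fault. */
static int peek_word(const struct tracee_mem *m, uint64_t addr, unsigned ws, uint64_t *out)
{
    if (addr > m->size || ws > m->size - addr)
        return -1;
    *out = 0;
    for (unsigned i = 0; i < ws; i++)
        *out |= (uint64_t)m->bytes[addr + i] << (8 * i);
    return 0;
}

/* Follow msghdr -> msg_iov[] -> iov_base and gather the payload into dst.
 * Returns bytes gathered, or -1 on a bad pointer or when dst is too small. */
long gather_msg_payload(const struct tracee_mem *m, uint64_t msg, unsigned ws,
                        uint8_t *dst, size_t cap)
{
    uint64_t iov, cnt, base, len;
    size_t total = 0;
    /* msg_name plus msg_namelen (and padding) take two words in both ABIs. */
    if (peek_word(m, msg + 2 * ws, ws, &iov) < 0 ||
        peek_word(m, msg + 3 * ws, ws, &cnt) < 0 || cnt > 1024 /* UIO_MAXIOV */)
        return -1;
    for (uint64_t i = 0; i < cnt; i++) {
        uint64_t ent = iov + i * 2 * ws;   /* sizeof(struct iovec) is two words */
        if (peek_word(m, ent, ws, &base) < 0 || peek_word(m, ent + ws, ws, &len) < 0 ||
            len > cap - total || base > m->size || len > m->size - base)
            return -1;
        memcpy(dst + total, m->bytes + base, (size_t)len);
        total += (size_t)len;
    }
    return (long)total;
}

/* Constructed images: the same sendmsg() argument laid out for each word size. */
static const uint8_t img32[0x35] = { [0x08] = 0x20, [0x0c] = 2,  /* msg_iov, msg_iovlen */
    [0x20] = 0x30, [0x24] = 3, [0x28] = 0x33, [0x2c] = 2,        /* iov[0], iov[1] */
    [0x30] = 'h', 'e', 'l', 'l', 'o' };
static const uint8_t img64[0x65] = { [0x10] = 0x40, [0x18] = 2,  /* msg_iov, msg_iovlen */
    [0x40] = 0x60, [0x48] = 3, [0x50] = 0x63, [0x58] = 2,        /* iov[0], iov[1] */
    [0x60] = 'h', 'e', 'l', 'l', 'o' };
const struct tracee_mem mem32 = { img32, sizeof img32 };
const struct tracee_mem mem64 = { img64, sizeof img64 };
uint8_t out[16];   /* scratch buffer for the gathered payload */
```

Decoding either image with the other personality's word size reads zeros where msg_iov and msg_iovlen are expected and returns an empty payload without any error, which is why the personality has to be known before any pointer is followed.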



