[RFC] GSoC 2017 proposal draft: advanced syscall tampering and filtering with Lua

Victor Krapivensky krapivenskiy.va at phystech.edu
Thu Mar 30 17:56:59 UTC 2017


On Thu, Mar 30, 2017 at 05:28:55AM +0200, Eugene Syromyatnikov wrote:
> The one quite interesting aspect, from my point of view, is the way you
> expect to access (and modify) argument data. For example, some syscalls
> (like sendmsg or evdev/dm ioctls or siginfo-related ones) have quite
> non-trivial argument semantics — pointers upon pointers upon pointers;
> related decoders have quite a significant amount of code in order to
> retrieve them. Note also that argument decoding also depends on
> tracee's ABI and the values of other arguments (various "dispatcher"
> calls like ioctl or prctl are a good example).  Do you have any ideas
> regarding the subject?

But it is still possible to access such arguments by means of the FFI
library -- one just needs ptr_to_kulong() and information on the current
architecture/personality. And what's the problem with the "dispatcher"
calls?

A Lua library that provides definitions of various structures and
decodes syscalls can later be implemented on top of that, but this is
not a part of my proposal.
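
The point both messages turn on, following a nested pointer argument with a word size taken from the tracee's personality, as an added example that is not part of the original thread and is not strace or proposal code. It assumes a little-endian tracee and the Linux `struct msghdr` / `struct iovec` layouts; `read_word()`, `struct image` and the sample values are hypothetical stand-ins, not the proposed ptr_to_kulong() API.

```c
#include <stdint.h>
#include <string.h>
#define BASE 0x1000u                    /* constructed address of the image */
struct image { uint8_t bytes[256]; };   /* stand-in for tracee memory */

/* Read one pointer-sized little-endian word; ws (4 or 8) comes from the personality. */
int read_word(const struct image *m, uint64_t addr, int ws, uint64_t *out)
{
    if (addr < BASE || addr - BASE > sizeof m->bytes - (size_t)ws)
        return -1;
    uint64_t v = 0;
    for (int i = ws - 1; i >= 0; i--)
        v = (v << 8) | m->bytes[addr - BASE + i];
    *out = v;
    return 0;
}

void put_word(struct image *m, uint64_t addr, int ws, uint64_t v)
{
    for (int i = 0; i < ws; i++)
        m->bytes[addr - BASE + i] = (uint8_t)(v >> (8 * i));
}

/* msg_iov follows msg_name (a word) and msg_namelen (int, padded on 64-bit). */
uint64_t iov_off(int ws) { return ws == 8 ? 16 : 8; }

/* Follow msghdr -> msg_iov[] -> iov_len and sum the lengths. */
int64_t msghdr_payload_len(const struct image *m, uint64_t mh, int ws)
{
    uint64_t iov, cnt, len, total = 0;
    if (read_word(m, mh + iov_off(ws), ws, &iov) ||
        read_word(m, mh + iov_off(ws) + ws, ws, &cnt) || cnt > 1024)
        return -1;                      /* bad pointer or absurd count */
    for (uint64_t i = 0; i < cnt; i++) {
        if (read_word(m, iov + (2 * i + 1) * ws, ws, &len))
            return -1;
        total += len;
    }
    return (int64_t)total;
}

/* Constructed sample: a msghdr at BASE with two iovecs of 5 and 11 bytes. */
void build_sample(struct image *m, int ws)
{
    uint64_t iov = BASE + 0x80;
    memset(m, 0, sizeof *m);
    put_word(m, BASE + iov_off(ws), ws, iov);
    put_word(m, BASE + iov_off(ws) + ws, ws, 2);
    put_word(m, iov + ws, ws, 5);
    put_word(m, iov + 3 * ws, ws, 11);
}
```

Decoding the same bytes with the wrong word size does not fail loudly; it returns a different length, which is why the personality has to be known before any field is read.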