From: Kenneth Johansson <ken@kenjo.org>
To: Maciej Zenczykowski <maze@cela.pl>
Cc: Ingo Molnar <mingo@elte.hu>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: Syscall security
Date: Sun, 28 Sep 2003 13:38:54 +0200 [thread overview]
Message-ID: <1064749134.2095.9.camel@tiger> (raw)
In-Reply-To: <Pine.LNX.4.44.0309261611510.6080-100000@gaia.cela.pl>
On Fri, 2003-09-26 at 16:16, Maciej Zenczykowski wrote:
> > if this syscall activity is so low then it might be much more flexible to
> > control the binary via ptrace and reject all but the desired syscalls.
> > This will cause a context switch but if it's stdio only then it's not a
> > big issue. Plus this would work on any existing Linux kernel.
>
> Unfortunately sometimes the data transfer through stdio can be counted in
> hundreds of MB (or even in extreme cases a couple of GB), plus it is
> important to not slow down the execution of the code (we're timing and
> comparing execution speed of different approaches). Would doing this via
> ptrace increase the runtime of the parent pid or of the child pid or both?
> ie. would this make any syscall costly timewise (stdio is either from a
> ram disk or piped to/from a generating/checking process) or would this be
> unnoticeable?
Depends how the application writes the data it's not the amount that is
the problem it's the frequency of the calls.
It should however be possible to meassure the overhead and remove that
from the result.
As far as I know it's not possible to abort a syscall with ptrace on
entry but you can change the syscall number to something harmless like
getpid and fix the return values on exit. But it is all very much arch
dependent code.
next prev parent reply other threads:[~2003-09-28 11:47 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-09-26 14:05 Syscall security Maciej Zenczykowski
2003-09-26 14:10 ` Ingo Molnar
2003-09-26 14:16 ` Maciej Zenczykowski
2003-09-26 14:19 ` Ingo Molnar
2003-09-26 14:21 ` Ruth Ivimey-Cook
2003-09-26 16:14 ` Maciej Zenczykowski
2003-09-26 15:01 ` Davide Libenzi
2003-09-26 16:18 ` Maciej Zenczykowski
2003-09-28 11:38 ` Kenneth Johansson [this message]
2003-09-26 15:16 ` Muli Ben-Yehuda
2003-09-26 16:25 ` Maciej Zenczykowski
2003-09-26 15:18 ` Joe McClain
2003-09-26 16:10 ` Chris Wright
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1064749134.2095.9.camel@tiger \
--to=ken@kenjo.org \
--cc=linux-kernel@vger.kernel.org \
--cc=maze@cela.pl \
--cc=mingo@elte.hu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox