This is the mail archive of the libc-help@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: system call interposition using LD_PRELOAD


On Thu, Mar 29, 2012 at 10:49 PM, Godmar Back <godmar@gmail.com> wrote:
> Thanks for the replies.
>
> ptrace will not work - this is not for an strace or debugging tool,
> it's for an exceptionless system call implementation, similar to
> FlexSC: http://www.eecg.toronto.edu/~livio/papers/flexsc-osdi10.pdf

In the future please start by answering "What problem are you trying to solve?"

It saves everyone time :-)

The paper is very interesting, even if x86 already has special faster
special case syscall instructions.

The kernel also has vsyscalls for *simple* syscalls which don't
require crossing into the kernel

> Obviously, they must have found a way - I'm wondering if they were
> using GNU libc or a different library.

They don't say the replaced *all* system calls.

They provide a pthreads library which uses their special exceptionless
system, but not an entire C library.

They can also override open/close and some common low-level IO because
these symbols are designed to be changed by user applications
(including mmap).

Thus you catch some but not *all* of the system calls in this way.

The *best* way to catch all the system calls is to rebuild glibc.

You'll need to change sysdep.h and provide your own versions of the
following macros:
PSEUDO
PSEUDO_END
PSEUDO_NOERROR
PSEUDO_END_NOERROR
PSEUDO_ERRVAL
PSEUDO_END_ERRVAL
ret
SYSCALL_ERROR_HANDLER
DO_CALL
DOARGS_*
POPARGS_*
LOADARGS_*
RESTOREARGS_*
INLINE_SYSCALL
INTERNAL_SYSCALL
INTERNAL_SYSCALL_DECL
INTERNAL_SYSCALL_ERROR_P
INTERNAL_SYSCALL_ERRNO

In both PIC and non-PIC cases.

The macros in sysdep.h for the machine are used to:

(a) Generate assembly syscall wrappers from syscalls.list for all
function calls that are simple wrapper around kernel system calls

and

(b) Generate inline system calls for functions that want to make
inline system calls to the kernel from C code.

By interposing yourself with a custom sysdep.h you will have control
over *all* the system calls made by the C library.

Cheers,
Carlos.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]