Local Privilege Escalation

Chris Evans from Google Security discovered an integer overflow in the Systrace kernel code. If an adversary can open "/dev/systrace", the bug can be leveraged to gain root access. Both OpenBSD and NetBSD current have been patched. Please update your systems.
Categories: Systrace

Breaker!! 17 years ago...


I was going to do some late night hacking but then I found this. My first game. I wrote this in 1989 for the Amiga. I feared that this great work(!) might have been forever lost but I just found a copy of it on some warez server. The game comes with a level editor. I was esp. proud of the level editor because I used run-length encoding to compress the levels. The editor supported up to 1,000.
Categories: Hacking

Hacking Too Much

Been travelling and working too much on other stuff lately to make much progress with Systrace. The ptrace version works reliably enough on Linux without the kernel patch, although it sometimes still leaves zombie processes behind, which is kind of annoying. Performance without kernel patch takes a 100% hit, too. Marius has promised to revamp the kernel patches and make them more Linux friendly. Maybe we will be able to get them into mainline Linux then. Stay tuned.
Categories: Hacking

Systrace 1.6d

This new release of Systrace adds translations for a number of new system calls and should also take care of zombies accumulating for users of the Linux ptrace backend. Systrace now allows waitpid to execute in more cases, which should hopefully reap the reparented children. Download it here. A Debian package is available, too.
Categories: Systrace

Linux kernel systrace patch set

Last October, I (Marius Eriksen) updated the Linux-kernel patches for systrace. Get it here. A pre-built Debian package is available here.


Watch this space for updates in a week or two as I will be bringing the diffs up to date.

Categories: Systrace

HowTo: Translating a New System Call

Systrace does not provide translations for all system calls, but it has been designed to make adding new translations very easy. Many people have noticed that they no longer see the IP address that nslookup connects to for DNS queries after updating to a newer version of BIND. The reason is that Systrace did not provide a translation for sendmsg.

Here is what you have to do to add the necessary translation.

1. Provide a translator for sendmsg by adding the following code to the end of intercept-translate.c:

Continue reading "HowTo: Translating a New System Call"
Categories: Systrace