Chris Evans from Google Security discovered an integer overflow in the Systrace kernel code. If an adversary can open "/dev/systrace", the bug can be leveraged to gain root access. Both OpenBSD and NetBSD current have been patched. Please, update your systems.
I was going to do some late night hacking but then I found this. My first game. I wrote this in 1989 for the Amiga. I feared that this great work(!) might have been forever lost but I just found a copy of it on some warez server. The games comes with a level editor. I was esp. proud of the level editor because I used run-length encoding to compress the levels. The editor supported up to 1,000.
Been travelling and working too much on other stuff lately to make much progress with Systrace. The ptrace version works reliably enough on Linux without the kernel patch. Although, it sometimes still leaves zombie processes behind which is kind of annoying. Performance without kernel patch takes a 100% hit, too. Marius has promised to revamp the kernel patches and make them more Linux friendly. Maybe, we will be able to get them into mainline Linux then. Stay tuned.
This new release of Systrace adds translations for a number of new system calls and should also take care of zombies accumulating for users of the Linux ptrace backend. Systrace now allows waitpid to execute in more cases which should hopefully reap the reparented children. Download it
here. A
debian package is available, too.
Last October, I (Marius Eriksen) updated the Linux-kernel patches for systrace. Get it
here. A pre-built Debian package is available
here.
Watch this space for updates in a week or two as I will be bringing the diffs up to date.
Systrace does not provide translations for all system calls. But it has been designed to make adding new translations very easy. Many people have noticed that they no longer see the IP address that nslookup connects to for DNS queries after updating to a newer version of Bind. The reason is that Systrace did not provide a translation for sendmsg.
Here is what you have to do add the necessary translation.
1. Provide a translator for
sendmsg by adding the following code to the end of
intercept-translate.c:
Continue reading "HowTo: Translating a New System Call"
