Questions about utrace

Ali Polatel polatel at gmail.com
Sat Sep 5 15:01:58 UTC 2009


Hey everyone,
I've been writing a ptrace based sandboxing tool, called sydbox¹, and I
want to explain some of my bad experiences with ptrace and ask whether
utrace will fix these deficiencies.

First of all, ptrace() makes it rather hard to write portable code that
will work for every architecture. You have to find out registry numbers
for every architecture. It would be really nice if there were a common
interface like utrace_get_syscall(), utrace_set_syscall() that
works for every supported architecture.

Basically, sydbox intercepts some system calls and checks their
arguments. Using ptrace, however, it's not possible to stop the children
only at the entry of the system calls we are interested in; we have to
stop them at _every_ system call and check the system call number.
Because of this, threaded applications run very slowly under sydbox, as we
have to stop them at every sched_yield(). I know that utrace will split
PTRACE_SYSCALL into two calls, SYSCALL_ENTRY and SYSCALL_EXIT, and this is
really cool, but maybe the ability to stop the children only at the system
calls the caller is interested in is a better idea.

Last but not least, I want to thank you for your efforts to create a
nicer tracing API for Linux.

Peace!

¹: http://github.com/alip/sydbox

-- 
Regards,
Ali Polatel
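To make the two complaints above concrete, here is a minimal ptrace-based syscall monitor written in the style the message describes. It is an added example, not code from the e-mail or from sydbox: it assumes Linux on x86_64 (the syscall number is read from orig_rax, which is exactly the per-architecture register knowledge the author objects to), and the function names syscall_of_interest(), current_syscall_nr() and trace_child() are hypothetical. The tracer must resume the child at every syscall stop and discard the ones it does not care about, which is the behaviour that makes threaded programs slow under such a sandbox.

```c
/* Added example, not part of the original e-mail or of sydbox.
 * Assumes Linux on x86_64; helper names are hypothetical. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <unistd.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <sys/user.h>
#include <sys/syscall.h>

/* Policy: which system calls the sandbox wants to inspect.
 * Every other syscall still causes a stop under PTRACE_SYSCALL; the
 * tracer just resumes it immediately. */
int syscall_of_interest(long nr)
{
    switch (nr) {
#ifdef SYS_open
    case SYS_open:
#endif
    case SYS_openat:
    case SYS_execve:
        return 1;
    default:
        return 0;
    }
}

/* Read the syscall number at a syscall-entry stop. Architecture specific:
 * on x86_64 the number lives in orig_rax; other architectures need their
 * own register mapping, which is the portability problem discussed above. */
static long current_syscall_nr(pid_t pid)
{
#if defined(__x86_64__)
    struct user_regs_struct regs;
    if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) == -1)
        return -1;
    return (long)regs.orig_rax;
#else
    (void)pid;
    return -1;
#endif
}

/* Run argv under the tracer. Returns the number of syscall-entry stops
 * that matched the policy (or -1 on error) and, via total_stops, the
 * number of syscall stops the tracer had to service altogether. */
long trace_child(char *const argv[], long *total_stops)
{
    pid_t pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {
        ptrace(PTRACE_TRACEME, 0, NULL, NULL);
        raise(SIGSTOP);            /* let the parent set options first */
        execvp(argv[0], argv);
        _exit(127);
    }

    int status;
    if (waitpid(pid, &status, 0) == -1 || !WIFSTOPPED(status))
        return -1;
    /* TRACESYSGOOD makes syscall stops distinguishable from real SIGTRAPs */
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)PTRACE_O_TRACESYSGOOD);

    long matched = 0, stops = 0;
    int in_syscall = 0;
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, NULL) == -1)
            return -1;
        if (waitpid(pid, &status, 0) == -1)
            return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status))
            break;
        if (WIFSTOPPED(status) && WSTOPSIG(status) == (SIGTRAP | 0x80)) {
            stops++;
            in_syscall = !in_syscall;   /* entry and exit stops alternate */
            if (in_syscall && syscall_of_interest(current_syscall_nr(pid))) {
                matched++;
                printf("pid %d: syscall %ld entry\n", pid, current_syscall_nr(pid));
            }
        }
        /* Any other stop (a signal) is resumed with the signal suppressed;
         * a real sandbox would forward it in the data argument. */
    }
    if (total_stops)
        *total_stops = stops;
    return matched;
}

int main(int argc, char *argv[])
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s program [args...]\n", argv[0]);
        return 2;
    }
    long stops = 0;
    long matched = trace_child(argv + 1, &stops);
    printf("%ld syscall stops in total, %ld matched the policy\n", stops, matched);
    return matched < 0;
}
```

Run it as `./monitor /bin/ls` and compare the two counters in the last line: the first is the number of stops the tracer had to service, the second the number it actually wanted. The gap between them is the cost the message is describing.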