Reliable system call interception


My personal blog

Originally, seccomp user notify was intended for container use cases, but we can use it just as easily for normal processes by adopting the age-old fork+exec pattern. Such a malicious filter might, for example, cause an attempt to use setuid to set the caller's user IDs to nonzero values to instead return 0 without actually making the system call. However, on older kernel versions that ioctl would hang forever, so an easy workaround is to install a signal handler for SIGCHLD with sigaction.
