Security Basics mailing list archives

scalable syscall proxying


From: pleed <pleed () koeln ccc de>
Date: Tue, 24 Nov 2009 22:51:17 +0100

Hi there,

Some weeks ago I read papers about syscall proxying.
When I was looking for implementations, I just found very specific
code (e.g. at ueberwall.org) that could be used for minimal application.

That's why I thought it could be funny to write my own, scalable syscall
proxy.
My concept includes:
    -   using ptrace SYSEMU to catch a process's syscalls instead of
        overwriting libc wrappers
    -   providing an interface to enable/disable proxying at runtime
    -   supporting functions for allocating memory on the remote machine
        and using that memory to buffer read/write operations without
        transferring the data

The goal is to be able to use any program without modification and, in
addition, to provide more possibilities for tools directly developed for
syscall proxying.
When it's done, it will be free software of course.

What do you think about such a concept? Could there be a use in
productive pentesting, or is it damned to be bloated too much for real use?

Thanks for your feedback!

pleed

