I'm working on a piece of software that monitors other processes' system calls using ptrace(2). Unfortunately most modern operating systems implement some kind of fast user-mode syscalls, which are called vsyscalls in Linux.
Is there any way to disable the use of vsyscalls/vDSO for a single process or, if that is not possible, for the whole operating system?
Try echo 0 > /proc/sys/kernel/vsyscall64
If you're trying to ptrace gettimeofday calls and they aren't showing up, what time source is the system using (pmtimer, acpi, tsc, hpet, etc.)? I wonder if you'd humor me by trying to force your timer to something older like pmtimer. It's possible one of the many gtod timer-specific optimizations is causing your ptrace calls to be avoided, even with vsyscall set to zero.
It turns out there IS a way to effectively disable linking the vDSO for a single process, without disabling it system-wide, using ptrace!

All you have to do is stop the traced process before it returns from execve and remove the AT_SYSINFO_EHDR entry from the auxiliary vector (which comes directly after the environment variables in the memory region pointed to by rsp). PTRACE_EVENT_EXEC is a good place to do this.

AT_SYSINFO_EHDR is what the kernel uses to tell the system linker where the vDSO is mapped in the process's address space. If this entry is not present, ld seems to act as if the system hasn't mapped a vDSO.

Note that this doesn't somehow unmap the vDSO from your process's memory; it merely ignores it when linking other shared libraries. A malicious program will still be able to interact with it if the author really wanted to.

I know this answer is a bit late, but I hope this information will spare some poor soul a headache.
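The procedure described in this answer, as an added example that is not code from the answer's author or from any project: a minimal x86-64 Linux tracer that forks, lets the child exec under PTRACE_O_TRACEEXEC, stops at PTRACE_EVENT_EXEC (the new image and its stack are already set up at that point), walks from rsp past argv and envp to the auxiliary vector, and neutralises AT_SYSINFO_EHDR. Assumptions of this example: instead of physically shifting the vector, the entry is retagged as AT_IGNORE, relying on the dynamic loader skipping entries it does not recognise; the function names (hide_vdso_auxv, hide_vdso_in_image, pt_peek, pt_poke) are this example's own. The syscall-counting loop after the patch is there to make the effect visible: with the entry hidden, glibc falls back from the vDSO to real clock_gettime/gettimeofday syscalls, so a program such as date shows a non-zero count, whereas unmodified it would normally show zero.

```c
/* Build: gcc -Wall -O2 -o novdso_wrap novdso_wrap.c    Run: ./novdso_wrap /bin/date */
#include <elf.h>
#include <stdio.h>
#include <stdlib.h>

typedef unsigned long word_t;
typedef word_t (*peek_fn)(void *ctx, word_t addr);
typedef void (*poke_fn)(void *ctx, word_t addr, word_t val);

/* Initial stack layout (System V ABI): argc, argv[argc], NULL, envp[], NULL,
 * then (a_type, a_val) pairs terminated by AT_NULL.
 * Returns 1 if the AT_SYSINFO_EHDR entry was retagged, 0 if there was none. */
int hide_vdso_auxv(word_t sp, peek_fn peek, poke_fn poke, void *ctx)
{
    word_t p = sp;
    word_t argc = peek(ctx, p);
    p += sizeof(word_t) * (argc + 2);          /* argc word, argv[], NULL */
    while (peek(ctx, p) != 0)                  /* envp[] */
        p += sizeof(word_t);
    p += sizeof(word_t);                       /* envp NULL terminator */
    for (;;) {
        word_t type = peek(ctx, p);
        if (type == AT_NULL)
            return 0;
        if (type == AT_SYSINFO_EHDR) {
            poke(ctx, p, AT_IGNORE);           /* assumption: ld.so skips AT_IGNORE */
            return 1;
        }
        p += 2 * sizeof(word_t);
    }
}

/* Dry run over an in-memory stack image (addresses are byte offsets into it). */
static word_t mem_peek(void *ctx, word_t a) { return ((word_t *)ctx)[a / sizeof(word_t)]; }
static void mem_poke(void *ctx, word_t a, word_t v) { ((word_t *)ctx)[a / sizeof(word_t)] = v; }
int hide_vdso_in_image(word_t *img) { return hide_vdso_auxv(0, mem_peek, mem_poke, img); }

#if defined(__linux__) && defined(__x86_64__)
#include <errno.h>
#include <signal.h>
#include <unistd.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>

static word_t pt_peek(void *ctx, word_t a)
{
    errno = 0;
    long v = ptrace(PTRACE_PEEKDATA, *(pid_t *)ctx, (void *)a, NULL);
    if (v == -1 && errno) { perror("PTRACE_PEEKDATA"); exit(1); }
    return (word_t)v;
}
static void pt_poke(void *ctx, word_t a, word_t v)
{
    if (ptrace(PTRACE_POKEDATA, *(pid_t *)ctx, (void *)a, (void *)v) == -1) {
        perror("PTRACE_POKEDATA"); exit(1);
    }
}

int main(int argc, char **argv)
{
    if (argc < 2) { fprintf(stderr, "usage: %s prog [args...]\n", argv[0]); return 2; }
    pid_t pid = fork();
    if (pid == 0) {
        ptrace(PTRACE_TRACEME, 0, NULL, NULL);
        raise(SIGSTOP);                        /* let the parent set options first */
        execvp(argv[1], argv + 1);
        perror("execvp"); _exit(127);
    }
    int status;
    waitpid(pid, &status, 0);                  /* the SIGSTOP above */
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)(PTRACE_O_TRACEEXEC | PTRACE_O_TRACESYSGOOD));
    ptrace(PTRACE_CONT, pid, NULL, NULL);
    waitpid(pid, &status, 0);                  /* PTRACE_EVENT_EXEC: new image is mapped */
    if (status >> 8 != (SIGTRAP | (PTRACE_EVENT_EXEC << 8))) {
        fprintf(stderr, "unexpected stop status 0x%x\n", status); return 1;
    }
    struct user_regs_struct regs;
    ptrace(PTRACE_GETREGS, pid, NULL, &regs);  /* rsp points at argc of the new image */
    fprintf(stderr, "AT_SYSINFO_EHDR %s\n",
            hide_vdso_auxv(regs.rsp, pt_peek, pt_poke, &pid) ? "hidden" : "not found");

    long time_calls = 0;
    int entering = 0;                          /* syscall stops alternate enter/exit */
    for (;;) {
        ptrace(PTRACE_SYSCALL, pid, NULL, NULL);
        waitpid(pid, &status, 0);
        if (WIFEXITED(status) || WIFSIGNALED(status)) break;
        if (WIFSTOPPED(status) && WSTOPSIG(status) == (SIGTRAP | 0x80)) {
            entering = !entering;
            if (entering) {
                ptrace(PTRACE_GETREGS, pid, NULL, &regs);
                if (regs.orig_rax == SYS_clock_gettime || regs.orig_rax == SYS_gettimeofday)
                    time_calls++;
            }
        }
    }
    fprintf(stderr, "time syscalls that reached the kernel: %ld\n", time_calls);
    return 0;
}
#endif
```

The walker is kept separate from ptrace so it can be exercised on a fake stack image first; note that the syscall loop passes no signal back on PTRACE_SYSCALL, so signals delivered to the tracee during the run are suppressed, which is acceptable for a demonstration but not for a real monitor.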
For newer systems, echo 0 > /proc/sys/kernel/vsyscall64 might not work. In Ubuntu 16.04 the vDSO can be disabled system-wide by adding the kernel parameter vdso=0 in /etc/default/grub under the parameter GRUB_CMDLINE_LINUX_DEFAULT.

IMPORTANT: the parameter GRUB_CMDLINE_LINUX_DEFAULT might be overwritten by other configuration files in /etc/default/grub.d/..., so double check when to add your custom configuration.
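The check this answer warns about, as an added helper script that is not part of the answer: grub-mkconfig sources /etc/default/grub and then every /etc/default/grub.d/*.cfg in order, so the last file that assigns GRUB_CMDLINE_LINUX_DEFAULT wins. The first function reports which file that is; the second adds vdso=0 inside the quoted value of a given file without duplicating it on repeated runs. The function names, the directory argument (defaulting to /etc/default) and the sample files in the usage note are this example's own choices; sed -i is assumed to be GNU sed.

```sh
#!/bin/sh
# Print the path of the file whose GRUB_CMDLINE_LINUX_DEFAULT takes effect.
# $1 = directory holding "grub" and optionally "grub.d/" (default /etc/default).
grub_cmdline_winner() {
    dir=${1:-/etc/default}
    winner=""
    for f in "$dir/grub" "$dir"/grub.d/*.cfg; do
        [ -f "$f" ] || continue
        if grep -q '^GRUB_CMDLINE_LINUX_DEFAULT=' "$f"; then
            winner=$f                      # later files override earlier ones
        fi
    done
    printf '%s\n' "$winner"
}

# Append vdso=0 to the quoted GRUB_CMDLINE_LINUX_DEFAULT value in file $1.
# Idempotent: a second call leaves the file unchanged.
add_vdso0() {
    f=$1
    if grep '^GRUB_CMDLINE_LINUX_DEFAULT=' "$f" | grep -q 'vdso=0'; then
        return 0
    fi
    # First expression handles a non-empty value, second an empty "" value.
    sed -i -e 's/^\(GRUB_CMDLINE_LINUX_DEFAULT="[^"][^"]*\)"/\1 vdso=0"/' \
           -e 's/^\(GRUB_CMDLINE_LINUX_DEFAULT="\)"/\1vdso=0"/' "$f"
}

# Usage as root on the live system:
#   f=$(grub_cmdline_winner) && add_vdso0 "$f" && update-grub
# After a reboot, confirm the kernel saw it with: grep -o 'vdso=0' /proc/cmdline
```

Editing the winning file rather than /etc/default/grub is the whole point: on cloud images a grub.d snippet commonly redefines the variable, and a vdso=0 added to /etc/default/grub alone then silently never reaches the kernel.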
Picking up on Tenders McChiken's approach, I did create a wrapper that disables vDSO for an arbitrary binary, without affecting the rest of the system: https://github.com/danteu/novdso
The general procedure is quite simple: