Question about secure tracing. #445
jzeng4
started this conversation in
Development
Replies: 1 comment
-
Think threads and pointers. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
After reading the "secure tracing" section, I don't understand the followings:
"When Tracee reads information from user programs it is subject to a race condition where the user program might be able to change the arguments after Tracee has read them."
If I understand correctly, Tracee reads information (syscall arguments) in syscall entry. How is it possible for the user program to change the arguments after syscall has been invoked? The program ^^ is malware or vulnerable software? Could you provide more details or any examples about it? Thank you!
Beta Was this translation helpful? Give feedback.
All reactions