Re: [Condor-users] trapping I/O System Calls

[Alisson Wilker <alissonwilker@xxxxxxxxx>]

Thanks Jaime.

[]s
Alisson Wilker.

On 7/19/05, Jaime Frey <jfrey@xxxxxxxxxxx> wrote:
> 
> On Jul 19, 2005, at 11:24 AM, Matt Hope wrote:
> 
> On 7/19/05, Alisson Wilker <alissonwilker@xxxxxxxxx> wrote: 
> 
> How does Condor trap I/O system calls? Can anybody help me find it in
> the source code?
> 
> IANAE but I understand this is achieved by the condor_compile (bad
> name :) relinking with a bunch of alternates to the standard io calls
> which redirect as required.
> 
> This is overly simplistic (how said calls are redirected to the
> shadows for example and there may be special cases I don't know about
> it)
> 
> If you were asking what mechanism is used at lower level of detail
> then you'll need the cs.wisc guys*
> 
> As I am on windows I never use it so take this with a healthy dose of
> scepticism
> 
> That's basically right. 'condor_compile' links the user application with our
> special version of libc which provides its own implementations of the system
> calls (which usually involve talking to the shadow process on the submit
> machine).
> 
> Note that this is not meant to be a secure method of sandboxing the
> application to prevent malicious behavior. The user code can easily execute
> system calls directly on the execute machine if it really wants to (by
> trapping directly to the kernel).
>  
> 
> +----------------------------------+---------------------------------+
> 
> |            Jaime Frey            |  Public Split on Whether        |
> 
> |        jfrey@xxxxxxxxxxx         |  Bush Is a Divider              |
> 
> |  http://www.cs.wisc.edu/~jfrey/  |         -- CNN Scrolling Banner |
> 
> +----------------------------------+---------------------------------+
> 
>  
>  
> _______________________________________________
> Condor-users mailing list
> Condor-users@xxxxxxxxxxx
> https://lists.cs.wisc.edu/mailman/listinfo/condor-users
> 
>