io_uring based rootkit can bypass syscall-focused Linux security tools
(armosec.io)
ARMO researchers reveal a major blind spot in Linux runtime security tools caused by the io_uring interface—an asynchronous I/O mechanism that bypasses traditional system calls.
Copycat: Intercept system calls using seccomp
(github.com/vimpostor)
This library allows you to overwrite system calls of arbitrary binaries in an intuitive way.
Disillusioning the Magic of the Fork System Call
(codingconfessions.com)
Unix-like operating systems famously use the fork system call for creating a new process.
Linux Syscall Support
(googlesource.com)
Every so often, projects need to directly embed Linux system calls instead of calling the implementations in the system runtime library.
What Is io_uring?
(matklad.github.io)
io_uring is a new Linux kernel interface for making system calls.
What Is Io_uring?
(matklad.github.io)
io_uring is a new Linux kernel interface for making system calls.