2 comments

[ 3.1 ms ] story [ 17.9 ms ] thread
I'm afraid this tool is very easy to circumvent. It only checks the first argument to a syscall for containing a forbidden path.

But for example openAt gets it's path as the second argument.

http://man7.org/linux/man-pages/man2/openat.2.html

This tool is a nice demo for how to use ptrace in golang. BUT PLEASE CHECK THE CODE BEFORE USING THIS FOR ANYTHING SECURITY RELATED