-
Looks like `syscall_limiter` can't prevent the process it's trying to limit from using `execve` since it needs to use `execve` itself:
```
$ LIMIT_SYSCALLS_DEFAULT_ACTION=a ./result/bin/limit_syscall…
obadz updated
8 years ago
-
The problem tweak I'm using is EQE. Here's the error when I try to launch the app:
```
Jan 13 00:37:42 Alis-iPhone kernel(Sandbox)[0] : SandboxViolation: luajit(371) deny(1) process-exec* /private…
-
vfork pauses the parent process until the child process either calls execve or exit. This prevents Copy On Write pages, which makes spawning child processes avoid double the parent resident memory req…
-
## Description
I am using the Vagrantfile located within this repo to create a test VM to deploy Tracee (using the provided helm charts). Everything seems to work but I have noticed that the Kubern…
-
rule:
```yaml
- rule: procoess exec
desc: notice process exec
condition: >
(evt.dir=< and evt.type in (execve, execveat) and not proc.exepath in (dyrace) and not proc.cmdline contains "/o…
-
Apologies if this is out-of-scope and willing to do some further testing on this, but encountered an issue where non-PIE ELF binaries cannot be loaded/executed due to the nature of the Interpreter loa…
-
Title. The ~~x86 and~~ x86_64 ropchain generator displays 0xb, while the code should be 0x3b. I will put a pull request in to fix this problem.
-
Hi, while doing our work we noticed *probably* a minor bug in Laurel that on some events it generates a json without the EXECVE/PROCTITLE key.
We checked /var/log/audit and filtered based on `msg`, …
-
As mentioned in https://github.com/start-jsk/rtmros_gazebo/issues/35#issuecomment-42056875, rtmlaunch launches rtcd with execve.
Because of this, environment variables are not taken over to rtcd proc…
-
Dear Christian Ledig,
After reading about the performance of the MALP-EM tool I was curious to check the performance myself on my own dataset. I have been using FMRIB FSL for a few years, the segme…