I've written before about a simple user-space approach to intercepting and modifying system calls, by turning system calls into SIGILL and then executing the perhaps-modified system call in the signal handler. I also mentioned that handling clone(), Linux's system call for creating a new thread, is challenging in this context. Let's imagine we want our handler firstly to print out a message, then to do the original clone(), and then return to the original caller (twice, naturally!). Since the...
