[fdawg4l]

  > // setup a honeypot file
  > int trap_fd = open(…); 
  > // Create new function to detect writes to the honeypot
  > static WRITE_FUNC_T original_write = dlsym(RTLD_DEFAULT, "write");;
  > ssize_t corruption_write(int fd, const void *buf, size_t size) { 
  >   FBFatal(fd != trap_fd, @"Writing to the honeypot file");
  > }
  > return original_write(fd, buf, size);
  > }
  > // Replace the system write with our “checked version”
  > rebind_symbols((struct rebinding[1]){{(char *)"write", (void *)corruption_write}}, 1);

Does this code snippet look fishy to anyone else? First, the mismatch braces are messing with my head. I'm thinking the brace before the return is a typo. Also, the call to the macro looks wrong. Shouldn't they be checking for fd == trap_fd?

[nspiegelberg]

1. I added an extra brace after FBFatal in a final revision :( I'll ask for a revision 2. FBFatal has the same semantics as assert(), so that's correct. 3. The 'rebind_symbols' line truncates and is missing a horizontal scroll. You can view the rest of it if you click drag.

[fdawg4l]

  > 2. FBFatal has the same semantics as assert(), so that's correct.

Ah, this makes sense to me now. Thanks!

[lutusp]

> Does this code snippet look fishy to anyone else?

If you can still edit your post, try block-indenting the entire code list with four spaces along the left margin -- this allows the code to appear on separate lines as intended and preserves the original indentation.

[fdawg4l]

Thanks for the tip! Done.