Easy to bypass on 64-bit Linux
Using int 0x80 in an ELF-64 binary, it's easy to bypass. Example:
test.asm
; 64-bit ELF that enters the kernel through the legacy 32-bit gate (int 0x80).
; Syscall numbers and argument registers then follow the i386 table:
; eax=5 is open(2), with its arguments in ebx/ecx/edx.
section .rodata
x db '/tmp/abcd',0x0
section .text
global _start
_start:
    mov eax, 5          ; i386 __NR_open (5 is fstat in the x86-64 table)
    mov ebx, x          ; pathname; static non-PIE link, so the address fits in 32 bits
    mov ecx, 64         ; O_CREAT
    mov edx, 0o644      ; mode; NASM reads a bare 0644 as decimal 644, so spell octal as 0o644
    int 0x80            ; legacy entry: creates /tmp/abcd
    xor eax, eax
    inc eax             ; i386 __NR_exit
    int 0x80
$ nasm -f elf64 test.asm
$ ld -o test test.o
$ rm -f abcd
$ [ -e "abcd" ] && echo file found
$ maybe ./test
maybe has not detected any file system operations from ./test.
$ [ -e "abcd" ] && echo file found
file found
Do you have a suggestion for a fix?
That's odd indeed... I was under the impression that syscall was just an alias for int 0x80. If that technique worked in general, all ptrace sandboxes would be ineffective, so the fault must lie either with maybe or with python-ptrace.
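The int 0x80 trick in the report works against any tracer that decodes every syscall stop with the x86-64 table: the same number means open() in the i386 table and fstat() in the x86-64 one, and the arguments sit in ebx/ecx/edx instead of rdi/rsi/rdx. The following tracer is an added example written for this page, not code from maybe or python-ptrace; it looks at the two bytes before RIP at each syscall-entry stop to decide which gate was used, then decodes the number and the pathname register accordingly. It assumes Linux on x86-64 with glibc's <sys/ptrace.h> and <sys/user.h>; the syscall numbers are the standard ones from both tables, and the function names (classify_abi, is_open_like, first_arg) are chosen here.

```c
/* Added example (not part of maybe or python-ptrace): a minimal x86-64 ptrace
 * tracer that tells int 0x80 (i386 syscall table, args in ebx/ecx/edx) apart
 * from the syscall instruction (x86-64 table, args in rdi/rsi/rdx).
 * Assumes Linux on x86-64. Build: cc -o tracer tracer.c ; run: ./tracer ./test */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <unistd.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/user.h>
#include <sys/wait.h>

enum syscall_abi { ABI_UNKNOWN = 0, ABI_X86_64 = 1, ABI_I386 = 2 };

/* Decide which ABI raised the stop from the instruction bytes at RIP-2. */
enum syscall_abi classify_abi(const uint8_t insn[2])
{
    if (insn[0] == 0x0f && insn[1] == 0x05) return ABI_X86_64; /* syscall  */
    if (insn[0] == 0xcd && insn[1] == 0x80) return ABI_I386;   /* int 0x80 */
    return ABI_UNKNOWN;
}

/* Numbers that create or open files in each table: open, creat, openat.
 * 5 is open() on i386 but fstat() on x86-64, so the table must match the gate. */
int is_open_like(enum syscall_abi abi, unsigned long nr)
{
    switch (abi) {
    case ABI_X86_64: return nr == 2 || nr == 85 || nr == 257;
    case ABI_I386:   return nr == 5 || nr == 8 || nr == 295;
    default:         return 0;
    }
}

/* First argument: ebx (low 32 bits of rbx) for the legacy gate, rdi for syscall. */
unsigned long first_arg(enum syscall_abi abi, unsigned long rbx, unsigned long rdi)
{
    if (abi == ABI_I386)   return rbx & 0xffffffffUL;
    if (abi == ABI_X86_64) return rdi;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc < 2) { fprintf(stderr, "usage: %s PROGRAM [ARGS...]\n", argv[0]); return 2; }
    pid_t pid = fork();
    if (pid < 0) { perror("fork"); return 1; }
    if (pid == 0) {
        ptrace(PTRACE_TRACEME, 0, NULL, NULL);
        raise(SIGSTOP);                         /* let the parent set options first */
        execv(argv[1], argv + 1);
        perror("execv");
        _exit(127);
    }
    int status, in_syscall = 0, sig = 0;
    waitpid(pid, &status, 0);                   /* the SIGSTOP from the child */
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)PTRACE_O_TRACESYSGOOD);
    for (;;) {
        ptrace(PTRACE_SYSCALL, pid, NULL, (void *)(long)sig);
        sig = 0;
        waitpid(pid, &status, 0);
        if (!WIFSTOPPED(status)) break;         /* tracee exited or was killed */
        if (WSTOPSIG(status) != (SIGTRAP | 0x80)) {
            if (WSTOPSIG(status) != SIGTRAP) sig = WSTOPSIG(status); /* forward real signals */
            continue;
        }
        in_syscall = !in_syscall;
        if (!in_syscall) continue;              /* only inspect entry stops */
        struct user_regs_struct regs;
        ptrace(PTRACE_GETREGS, pid, NULL, &regs);
        long word = ptrace(PTRACE_PEEKTEXT, pid, (void *)(uintptr_t)(regs.rip - 2), NULL);
        uint8_t insn[2] = { (uint8_t)word, (uint8_t)(word >> 8) };
        enum syscall_abi abi = classify_abi(insn);
        if (!is_open_like(abi, (unsigned long)regs.orig_rax)) continue;
        /* Copy the NUL-terminated pathname out of the tracee one word at a time. */
        char path[256] = {0};
        unsigned long addr = first_arg(abi, (unsigned long)regs.rbx, (unsigned long)regs.rdi);
        for (size_t i = 0; i + sizeof(long) <= sizeof(path); i += sizeof(long)) {
            long w = ptrace(PTRACE_PEEKDATA, pid, (void *)(uintptr_t)(addr + i), NULL);
            memcpy(path + i, &w, sizeof w);
            if (memchr(&w, 0, sizeof w)) break;
        }
        path[sizeof(path) - 1] = 0;
        printf("%s nr=%lu opens %s\n",
               abi == ABI_I386 ? "int 0x80 (i386 table)" : "syscall (x86-64 table)",
               (unsigned long)regs.orig_rax, path);
    }
    return 0;
}
```

Running it as `./tracer ./test` against the binary from the report prints the open() of /tmp/abcd as an i386-table call, which a tracer keyed only on the x86-64 table would have reported as fstat(). Reading the bytes at RIP-2 is a heuristic; on kernels 5.3 and later, PTRACE_GET_SYSCALL_INFO returns the ABI directly in its `arch` field (AUDIT_ARCH_I386 vs AUDIT_ARCH_X86_64), and a seccomp-bpf filter sees the same field, so a sandbox built on either mechanism should check the arch on every stop or refuse the 32-bit ABI outright.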