In article <Pine.LNX.4.21.0004201544260.972-100000@saturn.homenet> you wrote:
> However, I know that intercepting (and not just tracing) can be done in
> userspace using LD_PRELOAD facility of shared libraries. This leaves one
> case where a kernel implementation is a "must" - statically linked
> binaries.
Using LD_PRELOAD for intercepting system/library calls may work as a
quick hack but if you expect it to do the right thing with all
(dynamically linked) programs you are in for a lot of pain. Library
loading order, initilization order, symbol resolution order can all
screw you up in various cases. I'd give you examples but my head still
hurts from the last time I had to deal with this, so I'd rather not
remember :)
Modifying sys_call_table from a module works fine but is architecture
specific (I'm told) and gets intersting when two modules try to
intercept the same system call. There was a patch a while ago that
provided infrastructure for doing this properly, at the expense of
some overhead. The problem with that is that it'll only be useful if
it gets into the kernel and everybody uses it but it won't because of
the overhead.
So it seems that there isn't and there won't be a good way of doing
this...
Wishes,
Borislav
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Apr 23 2000 - 21:00:17 EST