On Sun, Apr 07, 2002 at 08:41:14PM +0100, John Levon wrote:
> On Sun, Apr 07, 2002 at 08:49:17PM +0100, Alan Cox wrote:
>
> > Removing it in the -ac tree is a good way to stimulate discussion
>
> OK
>
> > fixing the code that relies on it (except for the 99% of code relying on it
> > which is cracker authored trojans)
>
> No doubt, but it's not much harder to look at nm vmlinux or System.map,
> so I don't see the security angle...
>
> I'd be happy to bear the brunt of users moaning at me because they now
> have to apply a kernel patch (and I have to maintain it ...), iff there
> was some strongly technical reason the code has to change.
I'd like to second that. syscalltrack (http://syscalltrack.sf.net)
hijacks syscall entries in the sys_call_table as well, because we
want it to work as a module and not require patching the kernel. Our
solution to the module unload race on syscall de-hijacking is simple,
splitting the system call hijacking code into a single small module
which once loaded cannot be unloaded.
So please keep the sys_call_table exported and marked as "ugh, not
portable and racy, please dont hijack system calls unless you really
have to" unless there's a strongly technical reason otherwise. Our
users (all 7 of them) will appreciate it ;)
-- The ill-formed Orange Fails to satisfy the eye: http://vipe.technion.ac.il/~mulix/ Segmentation fault. http://syscalltrack.sf.net/ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Apr 07 2002 - 22:00:20 EST