Re: export of sys_call_table

From: Muli Ben-Yehuda (mulix@actcom.co.il)
Date: Thu Oct 03 2002 - 23:53:29 EST


On Thu, Oct 03, 2002 at 09:46:53PM -0700, Greg KH wrote:
> On Fri, Oct 04, 2002 at 07:05:03AM +0300, Muli Ben-Yehuda wrote:
> >
> > http://marc.theaimsgroup.com/?l=kernelnewbies&m=102267164910800&w=2,
>
> You didn't read my post to that same thread did you:
>
> http://marc.theaimsgroup.com/?l=kernelnewbies&m=102130770415962

I did, and considered using LSM, but decided not to since, as you
mention below, it doesn't give me the capabilities I need.

> And for the most part, the people on kernelnewbies have given up on
> trying to explain to new people why this does not work. I know I sure
> have :)

As I've written, I maintain that it does work on *some* archs (atomic
pointer updates are required) and with certain precautions (no module
unload).

> > http://marc.theaimsgroup.com/?l=linux-kernel&m=101821127019203&w=2
> >
> > [2] Can the LSM hooks be used for notification and modification on
> > every system call's entry and exit?
>
> No. See the LSM mailing list archives for why we did not decide to do
> this. (hint, you don't really achieve what you want to by doing
> this.)

Well, since I want to hook every system call, I get exactly what I
want ;-)

I'm not doing access policies or security. I'm doing "who is deleting
my file?" and "who is calling settimeofday on my router once in a blue
moon?", and even "if process foo calls getpid(), tell it it's actually
process bar".

> If you _really_ want to hook things like this, look at LTT or dprobes.
> They should work just fine for you.

Neither is in the core kernel (AFAIK), and I'm not sure how useful
they are for a module only solution. I'll take a look, though.

Thanks,
Muli.

-- 
Muli Ben-Yehuda					http://www.mulix.org/	
mulix@mulix.org:~$ sctrace strace /bin/foo 	http://syscalltrack.sf.net/
Quis custodes ipsos custodiet?





This archive was generated by hypermail 2b29 : Mon Oct 07 2002 - 22:00:43 EST