Re: Syscall table AKA hijacking syscalls

[Helge Hafting]

On Sat, Jan 03, 2004 at 12:46:17AM +0100, Libor Vanek wrote:
> >>I'm writing some project which needs to hijack some syscalls in VFS 
> >>layer. AFAIK in 2.6 is this "not-wanted" solution (even that there are 
> >>some very nasty ways of doing it - see 
> >>http://mail.nl.linux.org/kernelnewbies/2002-12/msg00266.html )
> >
> >
> >And it will fail miserably on many non x86 architectures for
> >various reasons:
> >
> >1. ppc64 and ia64 use function descriptors
> >2. sparc64 uses a 32bit call out table
> >
> >In short its not only an awful hack, its horribly non portable :)
> 
> But in short you always get some syscall from userspace and have some table 
> with function vectors assigned to each syscall, don't you?
> 
> So you can have something like 
> "append_this_function_before_syscall_sys_open" and 
> "append_this_function_after_syscall_sys_open" which would be platform 
> independent but will have platform dependent implementation.

Why bother overriding syscalls?
If you want a different sys_open, just modify/rewrite it.  Then you get a kernel
that works your way without touching the syscall table (or other implementation of it) 
at all.

Of course this sort of rewrite cannot be acitvated/deactivated by loading/unloading
a module.  But that isn't necessary, use a writeable flag in /proc instead.

i.e.:
sys_open(...) 
{
  if (activated_in_proc) my_sys_open(...); else standard_sys_open(...);
}

Helge Hafting
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/