Re: intercepting syscalls

[Randy.Dunlap]

On Fri, 15 Apr 2005 15:41:34 -0400 Igor Shmukler wrote:

| Hello,
| 
| Thanks to everyone for replying.
| It is surprising to me that linux-kernel people decided to disallow
| interception of system calls.
| I don't really see any upside to this.

Upside ?

| I guess if there is no clean way to do this, we will have to resort to
| quick and dirty.
| 
| Can anyone point to a discussion that yielded this decision. Perhaps,
| I need to educate myself. I stumbled upon comments that this can lead
| to mess, but pretty much anything in LKM can cause problems. I don't
| think that hiding commonly used convenient interfaces just because
| they can be abused is a valid reason, hence I would love to know what
| is the real reason.

What "commonly used convenient interfaces"?


I don't claim to remember all of the reasons.  A couple of them are:

a.  it's racy
b.  it's not architecture-independent


| Thank you,
| 
| Igor
| 
| 
| On 4/15/05, Arjan van de Ven <arjan@xxxxxxxxxxxxx> wrote:
| > On Fri, 2005-04-15 at 14:04 -0400, Igor Shmukler wrote:
| > > Hello,
| > > We are working on a LKM for the 2.6 kernel.
| > > We HAVE to intercept system calls. I understand this could be
| > > something developers are no encouraged to do these days, but we need
| > > this.
| > 
| > your module is GPL licensed right ? (You're depending on deep internals
| > after all)
| > 
| > Why do you *have* to intercept system calls... can't you instead use the
| > audit infrastructure to get that information ?
| > 
| > What is the URL of your current code so that we can provide reasonable
| > recommendations ?
| -


---
~Randy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/