Re: How to hack syscall-table, in kernel 2.6+ ?

From: Felipe Balbi
Date: Tue Aug 14 2012 - 07:36:28 EST


On Tue, Aug 14, 2012 at 05:01:56PM +0530, Ajay Garg wrote:
> Hi all.
>
> It is well known that the syscall-table had stopped being exported
> from version 2.6 onwards.
>
> So, now as a developer, if I wish to hack into the syscall-table, and
> change the syscall-function-pointers to my custom-function-pointers
> (mainly for the reason of adding/preventing access to certain files,
> via Kernel-Loadable-Modules), what is the recommended way?
>
> I have already tried extracting the address of the "sys_call_table"
> from "System.Map"; however, I am still not able to replace the
> function-pointers with mine.
> Trying to do so gives me page-faults, apparently meaning that the
> syscall-table memory area is read-only.
>
>
>
> I will be grateful, if someone could point me to the recommended way
> of doing this.

Have you looked into SELinux [1]?

[1] http://selinuxproject.org/page/Main_Page

--
balbi
