Dear sirs,
I work for FRISK Software International. We are an Antivirus company.
Our product is the F-Prot Antivirus scanner.
We have started to port our application to the Linux platform in an
effort to provide system administrators with means to scan the content
they supply their workstations with via Linux servers.
In our Windows product we have something called "Realtime protector"
which monitors file access on Windows running machines and scans them
before allowing access.
We now want, due to customer demand, to supply our Linux users with
similar functionality, and we've created a 2.4.x kernel module which
wrapped the open system call by means of overwriting
sys_call_table[__NR_open]. We did realize that this is a bad idea if a
user loads another module doing the same, and then unloads in the wrong
order. And also that this is not a very pretty method. But it worked.
Apparently, this is something you kernel hackers don't approve of, since
you've recently removed EXPORT_SYMBOL(sys_call_table) from
kernel/ksyms.c - so my question is whether there is some other preferred
method for accomplishing this without forcing the user to patch and
compile a new kernel. Is there some API for wrapping system calls which
I am unaware of, or are there plans to provide one?
Best regards,
Henrý Þór Baldursson, Linux Developer
FRISK Software International
http://www.f-prot.com
http://aves.f-prot.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Oct 23 2002 - 22:00:55 EST