Re: The disappearing sys_call_table export.

From: Muli Ben-Yehuda (mulix@mulix.org)
Date: Fri May 09 2003 - 14:07:08 EST

Next message: David Brownell: "Re: [linux-usb-devel] Re: [Bluetooth] HCI USB driver update. Support for SCO over HCI USB."
Previous message: Andy Pfiffer: "[KEXEC][2.5.69] kexec for 2.5.69 available"
In reply to: Greg KH: "Re: The disappearing sys_call_table export."
Next in thread: Chuck Ebbert: "RE: The disappearing sys_call_table export."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, May 09, 2003 at 01:08:08AM -0700, Greg KH wrote:
> On Fri, May 09, 2003 at 10:42:08AM +0300, Muli Ben-Yehuda wrote:
> >
> > For example, a rogue process is calling settimeofday() on your router
> > once a month(!). How are you going to find it? There's no LSM hook for
> > settimeofday()
>
> Yes there is. Check the capable hook for CAP_SYS_TIME. LSM modules can
> get that info quite easily.

Indeed, I missed the fact that LSM modules have a capable
hook. Nonetheless, my original point stands: LSM and hooking kernel
objects are great for security and auditing, hijacking system calls
can be quite useful for debugging, both kernel and userspace.

Thanks,
Muli.

-- Muli Ben-Yehuda http://www.mulix.org

application/pgp-signature attachment: stored

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

Next message: David Brownell: "Re: [linux-usb-devel] Re: [Bluetooth] HCI USB driver update. Support for SCO over HCI USB."
Previous message: Andy Pfiffer: "[KEXEC][2.5.69] kexec for 2.5.69 available"
In reply to: Greg KH: "Re: The disappearing sys_call_table export."
Next in thread: Chuck Ebbert: "RE: The disappearing sys_call_table export."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu May 15 2003 - 22:00:31 EST