Re: Two fixes for 2.4.19-pre5-ac3

Muli Ben-Yehuda (mulix@actcom.co.il)
Sun, 7 Apr 2002 22:55:04 +0300

On Sun, Apr 07, 2002 at 08:41:14PM +0100, John Levon wrote:
> On Sun, Apr 07, 2002 at 08:49:17PM +0100, Alan Cox wrote:
>
> > Removing it in the -ac tree is a good way to stimulate discussion
>
> OK
>
> > fixing the code that relies on it (except for the 99% of code relying on it
> > which is cracker authored trojans)
>
> No doubt, but it's not much harder to look at nm vmlinux or System.map,
> so I don't see the security angle...
>
> I'd be happy to bear the brunt of users moaning at me because they now
> have to apply a kernel patch (and I have to maintain it ...), iff there
> was some strongly technical reason the code has to change.

I'd like to second that. syscalltrack (http://syscalltrack.sf.net)
hijacks syscall entries in the sys_call_table as well, because we
want it to work as a module and not require patching the kernel. Our
solution to the module unload race on syscall de-hijacking is simple,
splitting the system call hijacking code into a single small module
which once loaded cannot be unloaded.

So please keep the sys_call_table exported and marked as "ugh, not
portable and racy, please dont hijack system calls unless you really
have to" unless there's a strongly technical reason otherwise. Our
users (all 7 of them) will appreciate it ;)

-- 
The ill-formed Orange
Fails to satisfy the eye:       http://vipe.technion.ac.il/~mulix/
Segmentation fault.             http://syscalltrack.sf.net/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/