Right, this module (syscall_hijack.o) currently has the interface:
int hijack_syscall_before(int syscall_id, func_ptr func);
int hijack_syscall_after(int syscall_id, func_ptr func);
int release_syscall_before(int syscall_id);
int release_syscall_after(int syscall_id);
where 'before' and 'after' correspond to a hook which should run
before the original system call is invoked (allowing it to specify
that the original system call should not be executed) or after the
original system call is invoked (allowing it access to its return
value).
We only support i386 (and uml) at the moment, because of the problems
with hijacking system calls on other architectures and because none of
us have access to other architectures to test the code on.
I recall reading in the archives that linus objected to modules
hijacking system calls on the grounds that it allows binary only
modules to completely subvert the way the kernel behaves towards
userspace. What if such a mechanism existed, however, and was only
exported to modules with a suitable license (modules which don't taint
the kernel). Would that be feasible?
-- The ill-formed Orange Fails to satisfy the eye: http://vipe.technion.ac.il/~mulix/ Segmentation fault. http://syscalltrack.sf.net/ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/