> On Sun, 7 Apr 2002, John Levon wrote:
>
> > But what about the recent discussion on the removal of sys_call_table ?
> >
> > (I believe it was along the lines of "it's ugly, prevent it ...", "ah,
> > but it has real uses, so why can't it stay as deprecated/unadvised ?"
> > "*no response*").
> >
> > I'm a bit disappointed this has just gone in without any real discussion
> > on the usefulness of this for certain circumstances :(
>
> Sure, removing that would break a lot of cracker software. Oh wait,
> maybe that's a good thing...
It's really easy for cracker to patch sys_call even if it the table is not
exported. Not exporting the sys call table is just to encourage good
programming technics not a protection against machiavel things.
> For legitimate use, if any, a compile-time optional system call could be
> added requiring a capability to use, and programs which are currently
> doing that (AFS?) can be converted to use another f/s interface. I have
> seen a few mentions of software which DO use that capability, I'm not sure
> I've seen one which can be done no other way.
As stated oprofile needs it, there is no other efficient way to track exec,
mmap and other sys call needed for profiler. I hope a consensus can
be reach : explain than unloading module wich patch the sys call table
are unsafe on SMP, discourage the use of sys call table patch, but do
not forbid that.
-- Philippe Elie
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/