Re: unexporting sys_call_table a good idea?

Kasper Dupont (kasperd@daimi.au.dk)
Tue, 01 Apr 2003 07:18:15 +0200


"Paul Clements (home)" wrote:
>
> Hi all,
>
> given the recent ptrace-related security bug, it sure would be nice to
> have sys_call_table exported, so that I could just disable ptrace
> altogether on affected systems (where no one is doing any debugging or
> devel work, anyway)... I realize that there are race conditions, etc.,
> with replacing syscalls, but could those not be solved?... as it is,
> rather than being able to simply compile an external module (which
> disables ptrace) and load it on affected systems, I am forced to
> recompile an entire kernel, install it on the affected systems, and
> reboot them all...

You could get the address of sys_call_table from the System.map file
and pass it as an argument to the module.

-- 
Kasper Dupont -- der bruger for meget tid på usenet.
For sending spam use mailto:aaarep@daimi.au.dk
for(_=52;_;(_%5)||(_/=5),(_%5)&&(_-=2))putchar(_);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/