Re: The disappearing sys_call_table export.

David Wagner (daw@mozart.cs.berkeley.edu)
10 May 2003 20:48:13 GMT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Tuncer M \: "Re: 2.5.69 strange high tone on DELL Inspiron 8100"
Previous message: Daniel Jacobowitz: "Re: ptrace secfix does NOT work... :("
Maybe in reply to: Terje Eggestad: "The disappearing sys_call_table export."

Yoav Weiss wrote:
>The solution is to have only ONE REAL copy, done by the wrapper. The
>original syscall will copy from a kernel ptr, unknowingly. Consider
>the following modified pseudo-code:

Let's see you do sys_execve()... sys_socketcall() and sys_ioctl() are
fun, too. (And, I worry about doubly-indirected pointers, for instance.)
It's probably do-able, but you'd better stock up on the Advil in advance:
we're in major headache country, folks.

>Now, don't get me wrong - I still think intercepting the syscall is not
>the right thing to do in this case, since LSM provides hooks in better
>locations.

Right. LSM seems like a better answer for security applications.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Tuncer M \: "Re: 2.5.69 strange high tone on DELL Inspiron 8100"
Previous message: Daniel Jacobowitz: "Re: ptrace secfix does NOT work... :("
Maybe in reply to: Terje Eggestad: "The disappearing sys_call_table export."