Re: The disappearing sys_call_table export.

Yoav Weiss (ml-lkml@unpatched.org)
Sun, 11 May 2003 00:45:44 +0300 (IDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Adrian Bunk: "[patch] 2.4.21-rc2: fix sound/kahlua.c .text.exit error"
Previous message: Jos Hulzink: "irq balancing: performance disaster"

> Let's see you do sys_execve()... sys_socketcall() and sys_ioctl() are
> fun, too. (And, I worry about doubly-indirected pointers, for instance.)
> It's probably do-able, but you'd better stock up on the Advil in advance:
> we're in major headache country, folks.

I agree. I could post my 2.0.x code for doing this, but it would be
counter-productive since security apps should use LSM for this very
reason. I was merely suggesting a way for Masud to solve his specific
problem without rewriting his module.

sys_execve() and sys_socketcall() are actually not that hard. sys_ioctl()
is next to impossible because no never know what the structs look like.
Luckily, most security apps don't require ioctl-screening.

Most security applications should use LSM but its not a good reason to
remove sys_call_table, since its still useful for many non-security
purposes.

Yoav Weiss

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Adrian Bunk: "[patch] 2.4.21-rc2: fix sound/kahlua.c .text.exit error"
Previous message: Jos Hulzink: "irq balancing: performance disaster"