Re: export of sys_call_table

Muli Ben-Yehuda (mulix@actcom.co.il)
Fri, 4 Oct 2002 07:53:29 +0300


On Thu, Oct 03, 2002 at 09:46:53PM -0700, Greg KH wrote:
> On Fri, Oct 04, 2002 at 07:05:03AM +0300, Muli Ben-Yehuda wrote:
> >
> > http://marc.theaimsgroup.com/?l=kernelnewbies&m=102267164910800&w=2,
>
> You didn't read my post to that same thread did you:
>
> http://marc.theaimsgroup.com/?l=kernelnewbies&m=102130770415962

I did, and considered using LSM, but decided not to since, as you
mention below, it doesn't give me the capabilities I need.

> And for the most part, the people on kernelnewbies have given up on
> trying to explain to new people why this does not work. I know I sure
> have :)

As I've written, I maintain that it does work on *some* archs (atomic
pointer updates are required) and with certain precautions (no module
unload).

> > http://marc.theaimsgroup.com/?l=linux-kernel&m=101821127019203&w=2
> >
> > [2] Can the LSM hooks be used for notification and modification on
> > every system call's entry and exit?
>
> No. See the LSM mailing list archives for why we did not decide to do
> this. (hint, you don't really achieve what you want to by doing
> this.)

Well, since I want to hook every system call, I get exactly what I
want ;-)

I'm not doing access policies or security. I'm doing "who is deleting
my file?" and "who is calling settimeofday on my router once in a blue
moon.", and even "if process foo calls getpid(), tell it it's actually
process bar".

> If you _really_ want to hook things like this, look at LTT or dprobes.
> They should work just fine for you.

Neither is in the core kernel (AFAIK), and I'm not sure how useful
they are for a module only solution. I'll take a look, though.

Thanks,
Muli.
--
Muli Ben-Yehuda http://www.mulix.org/
mulix@mulix.org:~$ sctrace strace /bin/foo http://syscalltrack.sf.net/
Quis custodes ipsos custodiet?
