Re: System call wrapping

Miquel van Smoorenburg (miquels@cistron.nl)
Mon, 21 Oct 2002 18:16:10 +0000 (UTC)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Stephan von Krawczynski: "2.4.20-pre7: ip_conntrack: table full, dropping packet."
Previous message: Roman Zippel: "Re: Listmaster request: Blacklist rms@gnu.org"
Maybe in reply to: Henrı Şór Baldursson: "System call wrapping"
Next in thread: Karim Yaghmour: "Re: System call wrapping"

In article <1035222121.1063.20.camel@pc177>,
Henrı Şór Baldursson <henry@f-prot.com> wrote:
>In our Windows product we have something called "Realtime protector"
>which monitors file access on Windows running machines and scans them
>before allowing access.
>
>We now want, due to customer demand, to supply our Linux users with
>similar functionality, and we've created a 2.4.x kernel module which
>wrapped the open system call by means of overwriting
>sys_call_table[__NR_open].

What is wrong with a preloaded library (by means of /etc/ld.so.preload)
that intercepts open at the library level (and calls the real open()
using RLTD_NEXT) ? Just let it talk over a unix socket to your
scanner server.

Mike.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Stephan von Krawczynski: "2.4.20-pre7: ip_conntrack: table full, dropping packet."
Previous message: Roman Zippel: "Re: Listmaster request: Blacklist rms@gnu.org"
Maybe in reply to: Henrı Şór Baldursson: "System call wrapping"
Next in thread: Karim Yaghmour: "Re: System call wrapping"