Re: System call wrapping
Karim Yaghmour (karim@opersys.com)
Mon, 21 Oct 2002 14:33:32 -0400
Miquel van Smoorenburg wrote:
> In article <1035222121.1063.20.camel@pc177>,
> Henrý Þór Baldursson <henry@f-prot.com> wrote:
> >In our Windows product we have something called "Realtime protector"
> >which monitors file access on Windows running machines and scans them
> >before allowing access.
> >
> >We now want, due to customer demand, to supply our Linux users with
> >similar functionality, and we've created a 2.4.x kernel module which
> >wrapped the open system call by means of overwriting
> >sys_call_table[__NR_open].
>
> What is wrong with a preloaded library (by means of /etc/ld.so.preload)
> that intercepts open at the library level (and calls the real open()
> using RLTD_NEXT) ? Just let it talk over a unix socket to your
> scanner server.
Jacques Gelinas already has something that does precisely that:
http://www.solucorp.qc.ca/virtualfs/
I don't know if it's still being updated, but the ideas are all there.
Karim
===================================================
Karim Yaghmour
karim@opersys.com
Embedded and Real-Time Linux Expert
===================================================
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/