Re: The disappearing sys_call_table export.

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Neulinger, Nathan: "problems after upgrading from 2.4.20-pre7 to 2.4.21-rc1 (maybe nfs related)"
• Previous message: William Lee Irwin III: "Re: top stack (l)users for 2.5.69"
• In reply to: petter wahlman: "Re: The disappearing sys_call_table export."
• Next in thread: Richard B. Johnson: "Re: The disappearing sys_call_table export."

--=_courier-32009-1052322576-0001-2
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Wed, 2003-05-07 at 17:34, petter wahlman wrote:
> It seems like nobody belives that there are any technically valid
> reasons for hooking system calls, but how should e.g anti virus
> on-access scanners intercept syscalls?
> Preloading libraries, ptracing init, patching g/libc, etc. are
> obviously not the way to go.

those obviously need to be implemented via the security subsystem (eg
LSM). Hooks are obviously the wrong level to do things and I could even
tell you that you cannot implement this right from a module actually.

--=_courier-32009-1052322576-0001-2
Content-Type: application/pgp-signature; name="signature.asc"
Content-Transfer-Encoding: 7bit
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA+uSrYxULwo51rQBIRAgllAJ4hMqz7dEnYVGGuAeKqn2Al4RX+1ACgnnom
kpCZPte2DWDzNUzKNeNSSp0=
=/jiQ
-----END PGP SIGNATURE-----

--=_courier-32009-1052322576-0001-2--

• Next message: Neulinger, Nathan: "problems after upgrading from 2.4.20-pre7 to 2.4.21-rc1 (maybe nfs related)"
• Previous message: William Lee Irwin III: "Re: top stack (l)users for 2.5.69"
• In reply to: petter wahlman: "Re: The disappearing sys_call_table export."
• Next in thread: Richard B. Johnson: "Re: The disappearing sys_call_table export."