Re: The disappearing sys_call_table export.

petter wahlman (petter@bluezone.no)
07 May 2003 18:08:31 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Ken Witherow: "Re: Tyan Tiger MP + 2.4.20"
Previous message: Jens Axboe: "Re: ioctl cleanups: enable sg_io and serial stuff to be shared"
Next in thread: Richard B. Johnson: "Re: The disappearing sys_call_table export."
Reply: Richard B. Johnson: "Re: The disappearing sys_call_table export."
Reply: Richard B. Johnson: "Re: The disappearing sys_call_table export."
Reply: Jesse Pollard: "Re: The disappearing sys_call_table export."

On Wed, 2003-05-07 at 18:00, Richard B. Johnson wrote:
> On Wed, 7 May 2003, petter wahlman wrote:
>
> >
> > It seems like nobody belives that there are any technically valid
> > reasons for hooking system calls, but how should e.g anti virus
> > on-access scanners intercept syscalls?
> > Preloading libraries, ptracing init, patching g/libc, etc. are
> ^^^^^^^^^^^^^^^^^^^
> |________ Is the way to go. That's how
> you communicate every system-call to a user-mode daemon that
> does whatever you want it to do, including phoning the National
> Security Administrator if that's the policy.
>
> > obviously not the way to go.
> >
>
> Oviously wrong.

And how would you force the virus to preload this library?

-p.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ken Witherow: "Re: Tyan Tiger MP + 2.4.20"
Previous message: Jens Axboe: "Re: ioctl cleanups: enable sg_io and serial stuff to be shared"
Next in thread: Richard B. Johnson: "Re: The disappearing sys_call_table export."
Reply: Richard B. Johnson: "Re: The disappearing sys_call_table export."
Reply: Richard B. Johnson: "Re: The disappearing sys_call_table export."
Reply: Jesse Pollard: "Re: The disappearing sys_call_table export."