Re: The disappearing sys_call_table export.

Muli Ben-Yehuda (mulix@mulix.org)
Fri, 9 May 2003 22:07:08 +0300


On Fri, May 09, 2003 at 01:08:08AM -0700, Greg KH wrote:
> On Fri, May 09, 2003 at 10:42:08AM +0300, Muli Ben-Yehuda wrote:
> >
> > For example, a rogue process is calling settimeofday() on your router
> > once a month(!). How are you going to find it? There's no LSM hook for
> > settimeofday()
>
> Yes there is. Check the capable hook for CAP_SYS_TIME. LSM modules can
> get that info quite easily.

Indeed, I missed the fact that LSM modules have a capable
hook. Nonetheless, my original point stands: LSM and hooking kernel
objects are great for security and auditing, hijacking system calls
can be quite useful for debugging, both kernel and userspace.

Thanks,
Muli.
-- 
Muli Ben-Yehuda
http://www.mulix.org
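The mechanism Greg points at above, as an added illustration that is not part of the original thread: every privileged system call asks the kernel's capable() for a capability, and an LSM that installs a capable hook therefore sees each CAP_SYS_TIME request together with the calling task, without touching sys_call_table. The block below is a self-contained userspace model of that flow, not the kernel's LSM API; `struct task`, `struct security_ops`, `register_security`, `cap_capable` and `sys_settimeofday` are stand-ins named after their kernel counterparts, the capability number and the sample processes (ntpd, rogue) are constructed for the demo, and the audit ring replaces printk.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Capability number and bit mask, chosen for this model (the real value lives in <linux/capability.h>). */
#define CAP_SYS_TIME 25
#define CAP_TO_MASK(cap) (1u << (cap))

/* Minimal stand-in for task_struct: just what a hook needs to name the caller. */
struct task {
    int pid;
    char comm[16];
    unsigned int cap_effective;
};

/* Stand-in for the LSM security_operations table, reduced to the one hook of interest. */
struct security_ops {
    int (*capable)(struct task *tsk, int cap);
};

/* Audit ring: one entry per CAP_SYS_TIME check, granted or not. */
#define AUDIT_MAX 16
struct audit_entry { int pid; char comm[16]; int cap; int granted; };
static struct audit_entry audit_log[AUDIT_MAX];
static int audit_count;
static long wall_clock;                 /* model of the system clock set by settimeofday */
static struct security_ops *sec_ops;    /* currently registered LSM, NULL means default policy only */

/* Default policy, modelled on the kernel's capability module: grant if the bit is in the effective set. */
static int cap_capable(struct task *tsk, int cap)
{
    return (tsk->cap_effective & CAP_TO_MASK(cap)) ? 0 : -EPERM;
}

/* Auditing hook: records who asked for CAP_SYS_TIME, then defers to the default decision. */
static int audit_capable(struct task *tsk, int cap)
{
    int ret = cap_capable(tsk, cap);
    if (cap == CAP_SYS_TIME && audit_count < AUDIT_MAX) {
        struct audit_entry *e = &audit_log[audit_count++];
        e->pid = tsk->pid;
        strncpy(e->comm, tsk->comm, sizeof e->comm - 1);
        e->comm[sizeof e->comm - 1] = '\0';
        e->cap = cap;
        e->granted = (ret == 0);
    }
    return ret;
}

static struct security_ops audit_ops = { .capable = audit_capable };

/* Stand-in for register_security(): only one primary module may be installed. */
int register_security(struct security_ops *ops)
{
    if (sec_ops) return -EAGAIN;
    sec_ops = ops;
    return 0;
}

/* The kernel's capable() wrapper: every privileged path routes through the hook when one is registered. */
static int capable(struct task *tsk, int cap)
{
    return sec_ops ? sec_ops->capable(tsk, cap) : cap_capable(tsk, cap);
}

/* Model of sys_settimeofday: the syscall itself is untouched; the privilege check is what the LSM observes. */
int sys_settimeofday(struct task *current, long new_seconds)
{
    int ret = capable(current, CAP_SYS_TIME);
    if (ret) return ret;
    wall_clock = new_seconds;
    return 0;
}

long current_wall_clock(void) { return wall_clock; }
int audit_entries(void) { return audit_count; }
const struct audit_entry *audit_entry_at(int i) { return (i >= 0 && i < audit_count) ? &audit_log[i] : NULL; }

/* Drives the model: installs the auditing LSM, then two root-equivalent processes set the clock.
 * Both succeed, and both are recorded, which is how the "once a month" caller gets found. */
int run_demo(void)
{
    struct task ntpd  = { 101,  "ntpd",  CAP_TO_MASK(CAP_SYS_TIME) };   /* constructed sample process */
    struct task rogue = { 4242, "rogue", CAP_TO_MASK(CAP_SYS_TIME) };   /* constructed sample process */
    audit_count = 0;
    sec_ops = NULL;
    register_security(&audit_ops);
    sys_settimeofday(&ntpd, 1052507276);
    sys_settimeofday(&rogue, 0);
    for (int i = 0; i < audit_count; i++)
        printf("audit: pid %d (%s) requested CAP_SYS_TIME, %s\n", audit_log[i].pid, audit_log[i].comm,
               audit_log[i].granted ? "granted" : "denied");
    return audit_count;
}

int main(void) { return run_demo() == 2 ? 0 : 1; }
```

Because the hook sits on the capability check rather than on the syscall entry, it also catches every other path that asks for CAP_SYS_TIME (adjtimex, clock_settime) for free, which is the auditing advantage over patching one sys_call_table slot.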
