Re: export of sys_call_table

[Muli Ben-Yehuda <mulix@actcom.co.il>]

[-- Attachment #1: Type: text/plain, Size: 1864 bytes --]

On Thu, Oct 03, 2002 at 09:46:53PM -0700, Greg KH wrote:
> On Fri, Oct 04, 2002 at 07:05:03AM +0300, Muli Ben-Yehuda wrote:
> > 
> > http://marc.theaimsgroup.com/?l=kernelnewbies&m=102267164910800&w=2, 
> 
> You didn't read my post to that same thread did you:
>
> http://marc.theaimsgroup.com/?l=kernelnewbies&m=102130770415962

I did, and considered using LSM, but decided not to since, as you
mention below, it doesn't give me the capabilities I need. 

> And for the most part, the people on kernelnewbies have given up on
> trying to explain to new people why this does not work.  I know I sure
> have :)

As I've written, I maintain that it does work on *some* archs (atomic
pointer updates are required) and with certain precautions (no module
unload). 

> > http://marc.theaimsgroup.com/?l=linux-kernel&m=101821127019203&w=2
> > 
> > [2] Can the LSM hooks be used for notification and modification on
> > every system call's entry and exit?  
> 
> No.  See the LSM mailing list archives for why we did not decide to do
> this.  (hint, you don't really achieve what you want to by doing
> this.)

Well, since I want to hook every system call, I get exactly what I
want ;-)

I'm not doing access policies or security. I'm doing "who is deleting
my file?" and "who is calling settimeoday on my router once in a blue
moon.", and even "if process foo calls getpid(), tell it's actually
process bar". 

> If you _really_ want to hook things like this, look at LTT or dprobes.
> They should work just fine for you.

Neither is in the core kernel (AFAIK), and I'm not sure how useful
they are for a module only solution. I'll take a look, though. 

Thanks, 
Muli. 
-- 
Muli Ben-Yehuda					http://www.mulix.org/	
mulix@mulix.org:~$ sctrace strace /bin/foo 	http://syscalltrack.sf.net/
Quis custodes ipsos custodiet?

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]