On Thu, Sep 13, 2001 at 04:17:51PM +0100, John Levon wrote:
>> int wrapped_execve( const char *filename, const char *argv[], const
>> char *envp[])
>
> but your real problem here is that sys_execve is not trivially
> overloadable as it directly affects saved registers on the stack,
> rather than going through pointers or whatever. You must instead
> replicate the code of sys_execve() and call do_execve() from your
> module.

Can't a direct jump to the stored value be one possible solution (for
x86)?? [works for me, is it correct??]:

        movl sys_call_table+<4*SYS_CALL_NUM>,%eax
        movl %eax,stored_call
        movl $restricted_call,sys_call_table+<4*SYS_CALL_NUM>
        ....
restricted_call:
        cmp <something>  ; note that current() can be addressed through %ebx
        je DENY
        jmp *stored_call
DENY:
        ....

--
"I only touch base with reality on an as-needed basis!"
  -- Royal Floyd Mengot (Klaus)

-
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
IRC Channel:   irc.openprojects.net / #kernelnewbies
Web Page:      http://www.kernelnewbies.org/