It's a sad, sad day for me [and some friends of mine].

I'm one of the core developers of AngeL, a kernel module which tries to prevent your host from performing host- and net-based attacks. By host-based I mean that it stops buffer overflow or format bug attempts by looking at the suid program's input or environment before executing it.

The main problem is that I need to intercept sys_execve and write a wrapper for it in order to do this. Mister <arjanv@redhat.com> says that sys_call_table is private from 2.5.41 and whoever wants to intercept system calls is a bad guy.

I'm sure I can write AngeL as a kernel patch instead of a module, but the latter approach is better in my opinion.

The final question... if my module *needs* to intercept system calls, performing sanity checks before the original call is called, how can I achieve this goal without sys_call_table?

I'm hungry, sad and hopeless in watching a 2-year project maybe in death... :(

Regards
TheSponge

--
$>cd /pub
$>more beer

(0>
//\ Perego Paolo <p_perego@modiano.com> - www.sikurezza.org/angel
V_/_ 'It seems the hardest life I've never known'

I'm Linux drow 2.4.19-4GB - SuSE Linux 7.3 (i386) powered.