On Thu, Oct 17, 2002 at 05:55:19PM +0200, Paolo Perego wrote: > It's a sad, sad day for me [ and some friend of mine ]. I'm one of the > core developer of AngeL, a kernel module which tries to prevent your > host for performing host and net based attacks. For host based I means > that it stops buffer overflow or format bug attempt looking at the suid > program input or environment before execute it. The main problem it's > that I need to intercept sys_execve and write a wrapper for it in order > to do this. > > Mister <arjanv@redhat.com> says that sys_call_table is from 2.5.41 > private and who wants to intercept system calls is a bad guys. I'm sure > I can write AngeL as a kernel patch instead a module, but the later > approach is better in my opionion. > > The final question... if my module *needs* intercept system calls > performing sanity check before the original call is called, how can I > achieve this goal without sys_call_table? > > I'm hungry, sad and hopeless in watching 2 year's project maybe in > death... :( Changing system calls has _always_ been frowned apon, and discouraged. Makeing the table not public just reinforces the fact that you should not be trying to do that (it's racy and not portable.) See the lkml thread for the reasons why this was done, and why you do not want to do this. You might check out the LSM hooks, they are in the 2.5 kernel and should give you everything you need to implement your security module. If not, let us (the lsm group) know, and we'll work to try to help you out. thanks, greg k-h -- Kernelnewbies: Help each other learn about the Linux kernel. Archive: http://mail.nl.linux.org/kernelnewbies/ FAQ: http://kernelnewbies.org/faq/
