Hi...

On Mon, Nov 17, 2008 at 7:39 PM, Giannis Kozyrakis <trv@xxxxxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I'm doing some research, and I've noticed what is, in my opinion, an odd thing:
>
> 1. According to all references, the /proc/kallsyms file contains all the
> global kernel symbols, and those of the modules too. [ NOT just the
> exported symbols like /proc/ksyms used to do in 2.4 kernels ]
>
> 2. Due to the above fact, the sys_call_table symbol should be inside it.
>
>
> In Ubuntu, it actually is there; it can be found with a grep.
>
> BUT, I've also tested in Debian, Red Hat EL4, CentOS 4, and Fedora 9, and
> the symbol is NOT inside the kallsyms file.
>
> Can someone explain this behaviour? And, should this symbol be in there
> or not?

Very likely, you saw it in the Ubuntu kernel because it is not made hidden. But in Fedora, for example, some developers decided to make it hidden, thus making it hard to create "malicious" software such as a rootkit. As you are probably aware, hooking sys_call_table is one of the ways to intercept and/or manipulate the kernel.

Well, it won't stop crackers from doing that, but at least it causes more trouble for them.

regards,

Mulyadi.

--
To unsubscribe from this list: send an email with
"unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx
Please read the FAQ at http://kernelnewbies.org/FAQ