I am using the LSM framework even though it need recompiling the kernel. But I will also give a try to the kernelroll module.
Modifying sys_call_table is easier to get error but it can get more freedom than LSM framework which could only hook on limit hooking points.
On Mon, Nov 28, 2011 at 9:12 AM, richard -rw- weinberger <richard.weinberger@xxxxxxxxx> wrote:
On Sun, Nov 27, 2011 at 11:17 PM, Jonathan NeuschäferPlease keep in mind that hooking a system call is very bad and error prone.
<j.neuschaefer@xxxxxxx> wrote:
> On Wed, Nov 23, 2011 at 04:40:14PM +0800, Geraint Yang wrote:
>> Hello everyone,
>>
>> I am going to hook a system call like 'read' or 'send' by modifying the
>> sys_call_table, but it seems that the sys_call_table is in read only page,
>> how can I set modify the sys_call_table ? Or if there any method that I can
>> use to hook a system call in module without modify the kernel source?
--
Thanks,
//richard
--
Geraint Yang
Tsinghua University Department of Computer Science and Technology
Tsinghua University Department of Computer Science and Technology
_______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
