On Tue, 07 Mar 2017 20:22:33 +0100, Greg KH said:
> On Mon, Mar 06, 2017 at 10:18:26AM +0300, Lev Olshvang wrote:

> Why do you want to hook a syscall? that's a very complex, and broken,
> and ill-advised thing to do. Please don't do that.
>
> What problem are you trying to solve here that led you to think that
> putting a syscall hook in is a good solution?

To expand on that - most cases where you want to hook execve() to get the filename should *already* be doable via the LSM (Linux Security Module) interface.

If you're just doing a chainsaw patch that won't be distributed, a good starting point is to just add to security/yama/yama_lsm.c (all that does currently is mediate calls to ptrace()). If you're trying to build an entirely new LSM, the Yama code is a good framework to copy...
_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies