LinuxLists.cc - 2.4.18-14smp sys_call_table not found by the LKM loader

2002-10-22 03:17:12

Subject: 2.4.18-14smp sys_call_table not found by the LKM loader

Hi, Friends:
I use linux kernel 2.4.18-14smp. I am trying a kernel module with a reference to
sys_call_table as:
extern void *sys_call_table[];
However, when loading the module into the kernel, the loader reports:
unresolved symbol sys_call_table
I read the following and related messages. My question is:
Is it true that I can NOT reference sys_call_table[] from a kernel loadable
module in 2.4.18-14smp or higher version kernels? Then if I need to intercept
system calls, how should I do it?
Thanks a lot for answers.
Hai

Re: Two fixes for 2.4.19-pre5-ac3
Erik Tews ([email protected])
Mon, 8 Apr 2002 01:31:22 +0200

* Messages sorted by: [ date ][ thread ][ subject ][ author ]
* Next message: Brendan J Simon: "Re: [kbuild-devel] Re: Announce: Kernel
Build for 2.5, Release 2.0 is available"
* Previous message: Alan Cox: "Re: 2.4.18 AND Geode GX1/200Mhz problem"
* In reply to: Alan Cox: "Re: Two fixes for 2.4.19-pre5-ac3"

On Sun, Apr 07, 2002 at 06:42:05PM +0100, Alan Cox wrote:
> > And, unless this is reversed the OpenAFS kernel module won't load (it
> > needs sys_call_table.):
>
> Correct. There was agreement a very long time ago that code should not patch
> the syscall table (for one its not safe). AFS probably needs fixing so the
> AFS syscall hook is exported portably and nicely in the syscall code.

I am really not an expert on kernel-programming but I remember that
there was a security-hole in the ptrace-code with which one a local user
could gain root access. And there was a little kernel-modul with a
wrapper-function for the ptrace-syscall that made traces only possible
if the user who was calling this syscall was root. So if I understand
right if we don't export the syscall-table it is impossible to write
such syscall-wrapper-functions and it requires to recompile the kernel
and reboot the machiene to fix such an security-hole.

So wouldn't it be better to export the syscall-table and just write into
the documentation that it is not a good idea to manipulate syscalls or
write a compiler-makro that gives out a warning when such a module is
beeing compiled.

2002-10-22 03:33:51

by Brad Hards

[permalink] [raw]

Subject: Re: 2.4.18-14smp sys_call_table not found by the LKM loader

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 22 Oct 2002 13:23, Haizhi Xu wrote:
> Is it true that I can NOT reference sys_call_table[] from a kernel loadable
> module in 2.4.18-14smp or higher version kernels? Then if I need to
> intercept system calls, how should I do it?
Yes it is true.
You should intercept system calls like everyone else - source code patch into
mainline.

Brad
- --
http://linux.conf.au. 22-25Jan2003. Perth, Aust. I'm registered. Are you?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9tMaIW6pHgIdAuOMRAj/5AKC5Hh98df8uQswKyNzjPIYb5eS+GQCeI9TW
lSPs+qDuFUNQ09NzlGeVrSw=
=vF/t
-----END PGP SIGNATURE-----