Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 21 Oct 2002 14:10:39 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 21 Oct 2002 14:10:39 -0400 Received: from ncc1701.cistron.net ([62.216.30.38]:49158 "EHLO ncc1701.cistron.net") by vger.kernel.org with ESMTP id ; Mon, 21 Oct 2002 14:10:38 -0400 From: "Miquel van Smoorenburg" Subject: Re: System call wrapping Date: Mon, 21 Oct 2002 18:16:10 +0000 (UTC) Organization: Cistron Message-ID: References: <1035222121.1063.20.camel@pc177> Content-Type: text/plain; charset=iso-8859-15 X-Trace: ncc1701.cistron.net 1035224170 26520 62.216.29.67 (21 Oct 2002 18:16:10 GMT) X-Complaints-To: abuse@cistron.nl X-Newsreader: trn 4.0-test76 (Apr 2, 2001) Originator: miquels@cistron-office.nl (Miquel van Smoorenburg) To: linux-kernel@vger.kernel.org Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 956 Lines: 17 In article <1035222121.1063.20.camel@pc177>, Henr? ??r Baldursson wrote: >In our Windows product we have something called "Realtime protector" >which monitors file access on Windows running machines and scans them >before allowing access. > >We now want, due to customer demand, to supply our Linux users with >similar functionality, and we've created a 2.4.x kernel module which >wrapped the open system call by means of overwriting >sys_call_table[__NR_open]. What is wrong with a preloaded library (by means of /etc/ld.so.preload) that intercepts open at the library level (and calls the real open() using RLTD_NEXT) ? Just let it talk over a unix socket to your scanner server. Mike. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/