Subject: Re: The disappearing sys_call_table export.
From: Arjan van de Ven <arjanv@redhat.com>
Reply-To: arjanv@redhat.com
To: petter wahlman <petter@bluezone.no>
Cc: linux-kernel@vger.kernel.org
In-Reply-To: <1052321673.3727.737.camel@badeip>
References: <1052321673.3727.737.camel@badeip>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-DIHKYFVer4MvqFuuuiGK"
Organization: Red Hat, Inc.
Message-Id: <1052322520.1404.2.camel@laptop.fenrus.com>
Mime-Version: 1.0
Date: 07 May 2003 17:48:40 +0200
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1242
Lines: 35


--=-DIHKYFVer4MvqFuuuiGK
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Wed, 2003-05-07 at 17:34, petter wahlman wrote:
>  It seems like nobody belives that there are any technically valid
> reasons for hooking system calls, but how should e.g anti virus
> on-access scanners intercept syscalls?
> Preloading libraries, ptracing init, patching g/libc, etc. are
> obviously not the way to go.

those obviously need to be implemented via the security subsystem (eg
LSM). Hooks are obviously the wrong level to do things and I could even
tell you that you cannot implement this right from a module actually.


--=-DIHKYFVer4MvqFuuuiGK
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA+uSrYxULwo51rQBIRAgllAJ4hMqz7dEnYVGGuAeKqn2Al4RX+1ACgnnom
kpCZPte2DWDzNUzKNeNSSp0=
=/jiQ
-----END PGP SIGNATURE-----

--=-DIHKYFVer4MvqFuuuiGK--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/