Date: Wed, 7 May 2003 18:18:56 +0200 (CEST)
From: Steffen Persvold <sp@scali.com>
To: petter wahlman <petter@bluezone.no>
cc: linux-kernel@vger.kernel.org
Subject: Re: The disappearing sys_call_table export.
In-Reply-To: <1052321673.3727.737.camel@badeip>
Message-ID: <Pine.LNX.4.44.0305071807250.3573-100000@sp-laptop.isdn.scali.no>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1299
Lines: 33

On 7 May 2003, petter wahlman wrote:

>  
> It seems like nobody belives that there are any technically valid
> reasons for hooking system calls, but how should e.g anti virus
> on-access scanners intercept syscalls?
> Preloading libraries, ptracing init, patching g/libc, etc. are
> obviously not the way to go.
> 

Well, for a system wide system call hook, a kernel mechanism is necessary 
(and useful too IMHO). However for our usage (MPI) it is enough to know 
when the current process calls either sbrk(-n) or munmap glibc functions, 
thus it is sufficient to implement some kind of callback functionality for 
certain glibc functions, sort of like the malloc/free hooks but on a more 
general basis since some applications doesn't use malloc/free but 
implement their own alloc/free algorithms using the syscalls (one example 
is f90 apps).

Ideas anyone ?

Regards,
-- 
  Steffen Persvold   |       Scali AS      
 mailto:sp@scali.com |  http://www.scali.com
Tel: (+47) 2262 8950 |   Olaf Helsets vei 6
Fax: (+47) 2262 8951 |   N0621 Oslo, NORWAY

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/