To: linux-kernel@vger.kernel.org
Path: not-for-mail
From: daw@mozart.cs.berkeley.edu (David Wagner)
Newsgroups: isaac.lists.linux-kernel
Subject: Re: The disappearing sys_call_table export.
Date: 10 May 2003 20:48:13 GMT
Organization: University of California, Berkeley
Distribution: isaac
Message-ID: <b9joid$hv1$1@abraham.cs.berkeley.edu>
References: <Pine.LNX.4.44.0305102217300.1163-100000@marcellos.corky.net>
NNTP-Posting-Host: mozart.cs.berkeley.edu
NNTP-Posting-Date: 10 May 2003 20:48:13 GMT
Originator: daw@mozart.cs.berkeley.edu (David Wagner)
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 926
Lines: 15

Yoav Weiss  wrote:
>The solution is to have only ONE REAL copy, done by the wrapper.  The
>original syscall will copy from a kernel ptr, unknowingly.  Consider
>the following modified pseudo-code:

Let's see you do sys_execve()...  sys_socketcall() and sys_ioctl() are
fun, too.  (And, I worry about doubly-indirected pointers, for instance.)
It's probably do-able, but you'd better stock up on the Advil in advance:
we're in major headache country, folks.

>Now, don't get me wrong - I still think intercepting the syscall is not
>the right thing to do in this case, since LSM provides hooks in better
>locations.

Right.  LSM seems like a better answer for security applications.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/