Re: trapping execve()
On Saturday 11 May 2002 10:13 pm, John Levon wrote:
> On Thu, May 09, 2002 at 10:35:25PM +0530, Sridhar N wrote:
> I have now added a short FAQ on intercepting system calls, and in
> particular sys_execve().
>
> Please comment on any clarity or correctness problems

OK, my problem is that trapping execve() is a very critical part of my
mini-Intrusion Detection System that I'm developing as part of a college
project. Most of the components of this project have been untested so far,
so basically we're doing prototypes right now... and sys_execve() is a place I
got stuck.

Reading your FAQ, I just got a bit confused on how sys_execve()
works. Can you elaborate on it? And the part about providing a hook... I
just want to printk the name of the executable and be done with it. Can't it
be done in an easier way?

regards
Sridhar
--
Anyone can do any amount of work provided it isn't the work he is supposed to
be doing
-- Murphy's Laws on Work
--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive: http://mail.nl.linux.org/kernelnewbies/
FAQ: http://kernelnewbies.org/faq/