Re: trapping execve()
On Mon, May 13, 2002 at 10:33:57PM +0530, Sridhar N wrote:
>
> OK, my problem is that trapping execve() is a very critical part of my
> mini-Intrusion Detection System that I'm developing as part of a college
> project.

You might want to build your project on top of the Loadable Security
Modules patch at: http://lsm.immunix.org/ which allows you to focus on
the policy and implementation issues of your security system, and not on
things like "where to put this hook", and "how to grab a syscall".

As has been stated on this list many times, don't hook syscalls, it
isn't portable, or race free.

Just a suggestion :)

thanks,

greg k-h
--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive: http://mail.nl.linux.org/kernelnewbies/
FAQ: http://kernelnewbies.org/faq/