Vulnerability Development mailing list archives
Re: Capturing System Calls
From: lcamtuf () DIONE IDS PL (Michal Zalewski)
Date: Thu, 22 Jun 2000 23:30:45 +0200
On Thu, 22 Jun 2000, Granquist, Lamont wrote:
Under linux you can modify the syscall table through a loadable kernel module. This will allow you to modify the behavior of system calls. This may satisfy the restriction that you're not allowed to modify the kernel, since you're doing it dynamically and the underlying code remains the same.
Depends. For me, such "outside" change of kernel space (loading modules, modyfing /dev/kmem, accessing physical memory, using hardware debugging tools etc to change behaviour of some kernel functions) are modifications of (living) kernel - because we're changing its default behaviour by playing with kernel memory area and kernel execution level. It's better to talk about intercepting syscalls without such interference - using pure userspace. But of course, we don't know what it means for these people :) _______________________________________________________ Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security] [http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};: =-----=> God is real, unless declared integer. <=-----=
Current thread:
- Re: Capturing System Calls, (continued)
- Re: Capturing System Calls Steve Mosher (Jun 22)
- Re: Capturing System Calls Chon-Chon Tang (Jun 22)
- Re: Capturing System Calls Jonathan Leto (Jun 22)
- Re: Capturing System Calls Michal Zalewski (Jun 22)
- Re: Capturing System Calls Ryan Permeh (Jun 22)
- Re: Capturing System Calls Pavel Kankovsky (Jun 22)
- Re: Capturing System Calls Todd Garrison (Jun 22)
- Re: Capturing System Calls Andrew Reisse (Jun 22)
- Re: Capturing System Calls Rajiv Dighe (Jun 22)
- Re: Capturing System Calls Granquist, Lamont (Jun 22)
- Re: Capturing System Calls Michal Zalewski (Jun 22)
- Re: Fwd: ShowFile CGI Security Vulnerability Blue Boar (Jun 21)
- Re: Another new worm??? Crispin Cowan (Jun 22)
- Re: Another new worm??? Justin Lintz (Jun 21)
- Re: Another new worm??? Steve Mosher (Jun 22)
- Re: Another new worm??? Michael S Hines (Jun 23)
- Re: Another new worm??? David Knaack (Jun 22)