Vulnerability Development mailing list archives

Re: Replacing Kernel Functions via a LKM


From: dr () DURSEC COM (Dragos Ruiu)
Date: Fri, 28 Apr 2000 22:24:01 -0700


On Thu, 27 Apr 2000, Dragos Ruiu wrote:
> On Thu, 27 Apr 2000, Granquist, Lamont wrote:
>> Is there a way to intercept calls to a given function in the kernel via a
>> LKM?  Specifically I'd like to intercept proc_root_lookup() in
>> fs/proc/root.c and replace it with my own procedure. (motivation for doing
>> so is left as an exercise to the reader)
>
> I would think so...
> Why not patch the kernel in ram to replace a chunk of the proc itself at
> the beginning of it to jump to your own code... it can then do the work of the
> overwritten proc code and whatever...err... else you want to do.
>
> Doing so is left as an exercise for the reader. :-)
> But, I don't know why they would ever want to do such a thing....
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
It was sarcasm... I guess I was being too witty for my own good.
A very literal bunch here. :-) I understand why one would be
interested in doing this....  Thanks.

--
dursec.com / kyx.net - we're from the future                      http://www.dursec.com
learn kanga-foo from security experts: CanSecWest - May 10-12 Vancouver

Speakers: Ron Gula/NSW, Ken Williams/E&Y, Marty Roesch/Hiverworld,
 Fyodor/insecure.org, RainForestPuppy/wiretrip.net, Theo de Raadt/OpenBSD
   Lance Spitzner/Sun, Fyodor Yarochkin/KALUG, Max Vision/whitehats.com


