Vulnerability Development mailing list archives
Re: Replacing Kernel Functions via a LKM
From: dr () DURSEC COM (Dragos Ruiu)
Date: Fri, 28 Apr 2000 22:24:01 -0700
On Thu, 27 Apr 2000, Dragos Ruiu wrote:
> On Thu, 27 Apr 2000, Granquist, Lamont wrote:
> > Is there a way to intercept calls to a given function in the kernel via
> > a LKM? Specifically I'd like to intercept proc_root_lookup() in
> > fs/proc/root.c and replace it with my own procedure. (motivation for
> > doing so is left as an exercise to the reader)
>
> I would think so... Why not patch the kernel in RAM to replace a chunk of
> the proc itself at the beginning of it to jump to your own code... it can
> then do the work of the overwritten proc code and whatever...err... else
> you want to do. Doing so is left as an exercise for the reader. :-)
>
> But, I don't know why they would ever want to do such a thing....
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

It was sarcasm... I guess I was being too witty for my own good. A very literal bunch here. :-)

I understand why one would be interested in doing this....

Thanks.

--
dursec.com / kyx.net - we're from the future
http://www.dursec.com
learn kanga-foo from security experts: CanSecWest - May 10-12 Vancouver
Speakers: Ron Gula/NSW, Ken Williams/E&Y, Marty Roesch/Hiverworld, Fyodor/insecure.org, RainForestPuppy/wiretrip.net, Theo de Raadt/OpenBSD
Lance Spitzner/Sun, Fyodor Yarochkin/KALUG, Max Vision/whitehats.com