Vulnerability Development mailing list archives

Re: Capturing System Calls


From: lcamtuf () DIONE IDS PL (Michal Zalewski)
Date: Thu, 22 Jun 2000 23:30:45 +0200


On Thu, 22 Jun 2000, Granquist, Lamont wrote:

> Under linux you can modify the syscall table through a loadable kernel
> module.  This will allow you to modify the behavior of system calls.  This
> may satisfy the restriction that you're not allowed to modify the kernel,
> since you're doing it dynamically and the underlying code remains the
> same.

Depends. For me, such "outside" changes of kernel space (loading modules,
modifying /dev/kmem, accessing physical memory, using hardware debugging
tools etc. to change behaviour of some kernel functions) are modifications
of (living) kernel - because we're changing its default behaviour by
playing with kernel memory area and kernel execution level. It's better to
talk about intercepting syscalls without such interference - using pure
userspace.

But of course, we don't know what it means for these people :)

_______________________________________________________
Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=

