lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 14 Aug 2012 14:32:47 +0300
From:	Felipe Balbi <balbi@...com>
To:	Ajay Garg <ajaygargnsit@...il.com>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: How to hack syscall-table, in kernel 2.6+ ?

On Tue, Aug 14, 2012 at 05:01:56PM +0530, Ajay Garg wrote:
> Hi all.
> 
> It is well known that the syscall-table had stopped being exported
> from version 2.6 onwards.
> 
> So, now as a developer, if I wish to hack into the syscall-table, and
> change the syscall-function-pointers to my custom-function-pointers
> (mainly for the reason of adding/preventing access to certain files,
> via Kernel-Loadable-Modules), what is the recommended way?
> 
> I have already tried extracting the address of the "sys_call_table"
> from "System.Map"; however, I am still not able to replace the
> function-pointers with mine.
> Trying to do gives me page-faults, apparently meaning that the
> syscall-table memory area is read-only.
> 
> 
> 
> I will be grateful, if someone could point me to the recommended way
> of doing this.

Have you looked into selinux [1] ?

[1] http://selinuxproject.org/page/Main_Page

-- 
balbi

Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ