[<prev] [next>] [day] [month] [year] [list]
Message-ID: <AANLkTinW2C8RaI4dpkmGNoZKl5DM_V-m_M9w5BCZQjhN@mail.gmail.com>
Date: Sat, 17 Jul 2010 18:45:00 +0800
From: supercodeing35271 supercodeing35271 <supercodeing35271@...il.com>
To: linux-kernel@...r.kernel.org
Subject: could not catch the absolute path on intercept the mkdir() syscall in
linux
Hi,i am now write a simple file comparison and protect program in
linux kernel module using the way of intercepting the syscall.What i
have done is that when the module insmod into kernel,i can appoint a
path that make any action which intend to mkdir in the path return a
fail,so the path can be protect against malicious tamper.
How the module work is very simply as a way of intercept the mkdir()
syscall,i think lots of guy know about the theory.
But,it is not perfect.Because the module can only identify the
absolute path.Then situation,when we open a shell like this:
root@...ame-desktop:/home/myname/test# mkdir dirkkk
As this command running, a directory named dirkkk in the path
/home/myname/test has been created.Also use the command mkdir
/home/myname/test/dirkkk is the same.
But the module i wrote only realize the mkdir
/home/myname/test/dirkkk.This is the mkdir syscall function in 2.6.34:
asmlinkage long sys_mkdir(const char __user *pathname, int mode);
In my module,i intercept it and make a function named my_mkdir which
has the same parameters:
asmlinkage long my_mkdir(const char __user *pathname, int mode)
{
if(strcmp(pathname,"/home/myname/test/dirkkk") == 0)
{
return -1;
}
return sys_mkdir(pathname,mode);
}
The module strcmp the pathname,if the pathname is which has been
setting as forbid,then return -1.Command mkdir
/home/myname/test/dirkkk may return a fail,but if mkdir dirkkk,it
doesn't forbid.Because the pathname is "dirkkk",not the
"/home/myname/test/dirkkk",it may return a original sys_mkdir.
So my question is that is any idea of identify the shell command like
mkdir if it is a absolute path or not,and how to change relative path
into absolute for my module can intercept the relative path
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists