Date: Tue, 14 Aug 2012 21:43:49 +0530
From: Ajay Garg <ajaygargnsit@...il.com>
To: richard.weinberger@...il.com, balbi@...com, Alan Cox <alan@...rguk.ukuu.org.uk>
Cc: linux-kernel@...r.kernel.org
Subject: Re: How to hack syscall-table, in kernel 2.6+ ?

Thanks Richard, Felipe, Alan.

First of all, let me tell you that I am highly privileged talking to some of the most distinguished hackers in the world. Alan, I truly admire you :)

So, the use-case I am trying to solve, is that only a particular process should be able to read a group of files, and no one else (i.e. no-other-user/no-other-process/no-other-anything). The only exception is the "root" user, and any user holding "sudo" privileges.

So, only a particular process (with a specified PID), the superuser, and any user-carrying-sudo privileges, should be able to read a group of files.

I am still in the process of reading Felipe's link to SELinux; and it seems that there might just be the way to achieve what I want :) Let me figure out the details :)

Thanks and Regards,
Ajay

On Tue, Aug 14, 2012 at 6:10 PM, Alan Cox <alan@...rguk.ukuu.org.uk> wrote:
>> I have already tried extracting the address of the "sys_call_table"
>> from "System.Map"; however, I am still not able to replace the
>> function-pointers with mine.
>
> Correct.
>
>> Trying to do gives me page-faults, apparently meaning that the
>> syscall-table memory area is read-only.
>
> Correct.
>
> The kernel is specifically designed to stop such uses by rootkits and
> trojans and other malware.
>
> If you are trying to patch the system call table you are doing something
> wrong. What are you actually trying to achieve ?