[Dazuko-devel] execve syscall hooking

dazuko-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Dazuko-devel] execve syscall hooking

From:	Sami Tikka
Subject:	[Dazuko-devel] execve syscall hooking
Date:	Tue, 13 Dec 2005 11:52:17 +0200
User-agent:	Mutt/1.5.9i

I have some good news and some bad news.

Good news: Syscall hooking in Linux 2.6 is done and it works.

Bad news: sys_execve hook does not work :)

The dazuko replacement for sys_execve does its magic and then, instead
of calling sys_execve, it inlines the sys_execve code, which involves a
call to do_execve, which does all the real work.

Unfortunately, it seems that do_execve is not an exported symbol in 2.6
kernels.

I do not quite understand the comments explaining why sys_execve cannot
be called directly in dazuko_linux.c. Could someone elaborate?

-- 
Sami Tikka                          tel: +358 9 2520 5115
Senior Software Engineer            fax: +358 9 2520 5013
F-Secure Corporation                http://www.f-secure.com/
BE SURE

[Prev in Thread]

Current Thread

[Next in Thread]

[Dazuko-devel] execve syscall hooking, Sami Tikka <=

Prev by Date: [Dazuko-devel] Dazuko 2.1.1-pre3 posted
Next by Date: [Dazuko-devel] Unknown event error when RMDIR is enabled
Previous by thread: [Dazuko-devel] Dazuko 2.1.1-pre3 posted
Next by thread: [Dazuko-devel] Unknown event error when RMDIR is enabled
Index(es):
- Date
- Thread