Re: stop mount/read/write

2009-06-17 Thread Sandu Popa Marius
On Wed, Jun 17, 2009 at 5:53 PM, Pei Lin wrote:
> ^-^, delete these commands from your computer or make a "fake" command
> instead of them.
> disable network,usb,cdrom, never let anybody to copy these command in
> your computer LOL
>
> hijack the glibc or the dynamic library which these comman

Re: stop mount/read/write

2009-06-16 Thread Sandu Popa Marius
On Tue, Jun 16, 2009 at 6:07 PM, Shaz wrote:
>
> Hooks have nothing to do with sys_call_table. These hooks are call back
> functions (pointer to functions). If you read the LSM paper that is provided
> as a reference in an earlier message in the thread then it has details. If
> you study the kern

kprobes and system calls

2009-06-16 Thread Sandu Popa Marius
Can you modify a system call's params with Kprobes? Marius

Re: stop mount/read/write

2009-06-16 Thread Sandu Popa Marius
Can you stop a system call with Kprobes? I thought it was only used for debugging. Marius On Tue, Jun 16, 2009 at 2:03 PM, Mulyadi Santosa wrote: > On Tue, Jun 16, 2009 at 5:42 PM, Sandu Popa > Marius wrote: > > > >> Is there a way the hook Linux kernel without modifying

Re: stop mount/read/write

2009-06-16 Thread Sandu Popa Marius
> Is there a way the hook Linux kernel without modifying the sys_call_table? > This should actually be: Is there a way *to hook the* Linux kernel without modifying the sys_call_table? Sorry for the brain trauma :). > > Marius > > > > >

Re: stop mount/read/write

2009-06-16 Thread Sandu Popa Marius
> > > Then you have to write your own hooks apart from LSM! > Is there a way the hook Linux kernel without modifying the sys_call_table? Marius

Re: stop mount/read/write

2009-06-16 Thread Sandu Popa Marius
> > > > The LD_PRELOAD method has a few drawbacks: security issues, statically > > linked programs. I am looking for another solution. > > Marius > > You can analyze LSM, it seems to be a good solution. ([1]). > > thanks, > Daniel. > > [1] http://www.usenix.org/event/sec02/full_papers/wright/wright

Re: stop mount/read/write

2009-06-16 Thread Sandu Popa Marius
On Tue, Jun 16, 2009 at 12:02 PM, Vishal Thanki wrote:
> In case where you want to intercept these calls, you can write a shared
> library by having your implementation of these calls (i.e.
> read/write/mount). And then, set the path of this library in LD_PRELOAD
> environment. Any application run

Re: stop mount/read/write

2009-06-16 Thread Sandu Popa Marius
> > > Then the question is, during the case when the machine needs to be > halted/powered off which unmounting must be done by root, how do you > overcome it? Or do we miss something from your question? > > regards, > > Mulyadi. > I'm sorry if my question was unclear. Let me reformulate: How do I

Re: stop mount/read/write

2009-06-15 Thread Sandu Popa Marius
> > isn't chmod useful. > > thanks, > Daniel > No. I want to block every user, even the root from ever using these commands.

stop mount/read/write

2009-06-15 Thread Sandu Popa Marius
Hello. Is there a way to stop commands like mount/read/write without being too intrusive (sys_call_table modification)? Is LSM useful for this? Thanks, Marius