On Wed, Jun 17, 2009 at 5:53 PM, Pei Lin wrote:
> ^-^, delete these commands from your computer or make a "fake" command
> instead of them.
> disable network, usb, cdrom, never let anybody copy these commands in
> your computer LOL
>
> hijack the glibc or the dynamic library which these comman
On Tue, Jun 16, 2009 at 6:07 PM, Shaz wrote:
>
> Hooks have nothing to do with sys_call_table. These hooks are call back
> functions (pointer to functions). If you read the LSM paper that is provided
> as a reference in an earlier message in the thread then it has details. If
> you study the kern
Can you modify a system call params with Kprobes?
Marius
Can you stop a system call with Kprobes? I thought it was only used for
debugging.
Marius
On Tue, Jun 16, 2009 at 2:03 PM, Mulyadi Santosa
wrote:
> On Tue, Jun 16, 2009 at 5:42 PM, Sandu Popa
> Marius wrote:
> >
> >> Is there a way the hook Linux kernel without modifying
> Is there a way the hook Linux kernel without modifying the sys_call_table?
>
This should actually be:
Is there a way *to hook the* Linux kernel without modifying the
sys_call_table?
Sorry for the brain trauma :).
>
> Marius
>
> Then you have to write your own hooks apart from LSM!
>
Is there a way the hook Linux kernel without modifying the sys_call_table?
Marius
>
>
> > The LD_PRELOAD method has a few drawbacks: security issues, statically
> > linked programs. I am looking for another solution.
> > Marius
>
> You can analyze LSM, it seems to be a good solution. ([1]).
>
> thanks,
> Daniel.
>
> [1] http://www.usenix.org/event/sec02/full_papers/wright/wright
On Tue, Jun 16, 2009 at 12:02 PM, Vishal Thanki wrote:
> In case where you want to intercept these calls, you can write a shared
> library by having your implementation of these calls (i.e.
> read/write/mount). And then, set the path of this library in LD_PRELOAD
> environment. Any application run
>
>
> Then the question is, during the case when the machine needs to be
> halted/powered off which unmounting must be done by root, how do you
> overcome it? Or do we miss something from your question?
>
> regards,
>
> Mulyadi.
>
I'm sorry if my question was unclear. Let me reformulate:
How do I
>
> isn't chmod useful.
>
> thanks,
> Daniel
>
No. I want to block every user, even the root from ever using these
commands.
Hello.
Is there a way to stop commands like mount/read/write without being too
intrusive (sys_call_table modification)?
Is LSM useful for this?
Thanks,
Marius