Date: Tue, 9 Dec 2003 20:48:56 -0700 From: Shawn Webb <shawnwebb@softhome.net> To: freebsd-hackers@freebsd.org Subject: Re: Intercepting syscall Message-ID: <200312092048.56959.shawnwebb@softhome.net> In-Reply-To: <courier.3FD68DA3.0000493C@softhome.net> References: <courier.3FD68DA3.0000493C@softhome.net>
next in thread | previous in thread | raw e-mail | index | archive | help
sorry, I realized my old code was outdated, changed it... But, this also brings on another question... Is there a way to make the syscall table readonly via an LKM? Would it even be logical? grsec for Linux does just that... (except, grsec isn't an LKM) On Tuesday 09 December 2003 20:06, shawnwebb@softhome.net wrote: > I remember trying once on a FreeBSD 5.0-RELEASE box an LKM I wrote to > intercept the open() call, yet it didn't work. The same code worked on a > FreeBSD 4.7-RELEASE box. > > What I'm wondering is if FreeBSD 5.x has a readonly syscall table. Or maybe > the ways of changing the syscall table has changed. > > Am I mistaken? > > In not too much importance, but relevant to my question, the reason why I'm > asking, is I was presented to write an IPS (Intrusion Prevention System). > > Thanks for your help, > > Shawn Webb > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200312092048.56959.shawnwebb>