From: Shawn Webb
To: freebsd-hackers@freebsd.org
Date: Tue, 9 Dec 2003 20:48:56 -0700
Subject: Re: Intercepting syscall
Message-Id: <200312092048.56959.shawnwebb@softhome.net>

sorry, I realized my old code was outdated, changed it... But, this also
brings on another question... Is there a way to make the syscall table
readonly via an LKM? Would it even be logical? grsec for Linux does just
that... (except, grsec isn't an LKM)

On Tuesday 09 December 2003 20:06, shawnwebb@softhome.net wrote:
> I remember trying once on a FreeBSD 5.0-RELEASE box an LKM I wrote to
> intercept the open() call, yet it didn't work. The same code worked on a
> FreeBSD 4.7-RELEASE box.
>
> What I'm wondering is if FreeBSD 5.x has a readonly syscall table. Or maybe
> the ways of changing the syscall table have changed.
>
> Am I mistaken?
>
> In not too much importance, but relevant to my question, the reason why I'm
> asking, is I was presented to write an IPS (Intrusion Prevention System).
>
> Thanks for your help,
>
> Shawn Webb