Date: Fri, 22 Jan 2010 18:03:24 +0900 From: Jun Furukawa <mjyo7hanbe@gmail.com> To: freebsd-fs@freebsd.org Subject: I want to hook Message-ID: <4B5969DC.9000605@gmail.com>
next in thread | raw e-mail | index | archive | help
I want to make an automatic encryption system by hooking
functions for read and write.
Here is the list of the candidates for that.
(This is from "The Design and Implementation of the FreeBSD
Section8.9 Figure8.32")
write() read() (/usr/src/sys/kern/sys_generic.c)
| |
vn_write() vn_read() (/usr/srs/sys/kern/vfs_vnoops.c)
| |
ffs_write() ffs_read() (/usr/src/sys/ufs/ffs/ffs_vnops.c)
| |
ffs_balloc() ufs_bitmap()
I want to encrypt data when that is copied to external
devices like USB mass storage devices.
If possible could you tell me what function I should hook to achieve that?
I tried to hook write(), read() systemcall functions to do that by
referencing
the book, "Designing BSD Rootkits: An Introduction to Kernel Hacking".
However I realized that I cannot achieve my goal by that method because
the only information about the file I can get by the arguments of write(),
and read() is file descriptors.
From my investigation, I think we cannot specify whether a file is
written to
or read from USB mass storage devices with a file descriptor.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B5969DC.9000605>