From owner-freebsd-fs@FreeBSD.ORG Mon Jan 25 09:33:36 2010 Return-Path: Delivered-To: freebsd-fs@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 51D1F106566C for ; Mon, 25 Jan 2010 09:33:36 +0000 (UTC) (envelope-from mjyo7hanbe@gmail.com) Received: from mail-gx0-f214.google.com (mail-gx0-f214.google.com [209.85.217.214]) by mx1.freebsd.org (Postfix) with ESMTP id 0CA168FC16 for ; Mon, 25 Jan 2010 09:33:35 +0000 (UTC) Received: by gxk6 with SMTP id 6so1479784gxk.13 for ; Mon, 25 Jan 2010 01:33:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:content-type :content-transfer-encoding; bh=saXIZMcrAvFku2Ix7+3xS+oE16huHGbGlU9KjCESpew=; b=uqy67OP3XEtbdabGDoeU8U8KuUcSCcXFoGAdCI4I47WgvxBuVNk7f+wKleDgWxkomo LdBLcVRQ1fAu/hlefFrzwhDy4S2JmSGR/yHp6V03jV1etNDqDqti45/2yH7We6+NXT74 75ZK6uoSCyANE74AltvBz8OCLuS8LVgTnZXhM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; b=c3lIvEMEkvfiMAS8mA75CZuHiyQgyzsq5piuzs12ECQmkZ2sRX/yv1qObPpY+yqLxk HKbHrbbAe1Xec55QvG4+/zGKOPoXCULyg/i0ciTMuOTwgkjGXeR9fCurpJ5sYCSk12Vw uazfl+08z98pBS8Lqx0Q7CbqCjx2jty+Sc8ow= Received: by 10.101.10.6 with SMTP id n6mr6344674ani.60.1264410212558; Mon, 25 Jan 2010 01:03:32 -0800 (PST) Received: from d17-098.csce.kyushu-u.ac.jp (d17-098.csce.kyushu-u.ac.jp [133.5.17.98]) by mx.google.com with ESMTPS id 5sm1670160ywd.57.2010.01.25.01.03.30 (version=TLSv1/SSLv3 cipher=RC4-MD5); Mon, 25 Jan 2010 01:03:32 -0800 (PST) Message-ID: <4B5969DC.9000605@gmail.com> Date: Fri, 22 Jan 2010 18:03:24 +0900 From: Jun Furukawa User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812) MIME-Version: 1.0 To: freebsd-fs@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: I want to hook X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Jan 2010 09:33:36 -0000 I want to make an automatic encryption system by hooking functions for read and write. Here is the list of the candidates for that. (This is from "The Design and Implementation of the FreeBSD Section8.9 Figure8.32") write() read() (/usr/src/sys/kern/sys_generic.c) | | vn_write() vn_read() (/usr/srs/sys/kern/vfs_vnoops.c) | | ffs_write() ffs_read() (/usr/src/sys/ufs/ffs/ffs_vnops.c) | | ffs_balloc() ufs_bitmap() I want to encrypt data when that is copied to external devices like USB mass storage devices. If possible could you tell me what function I should hook to achieve that? I tried to hook write(), read() systemcall functions to do that by referencing the book, "Designing BSD Rootkits: An Introduction to Kernel Hacking". However I realized that I cannot achieve my goal by that method because the only information about the file I can get by the arguments of write(), and read() is file descriptors. From my investigation, I think we cannot specify whether a file is written to or read from USB mass storage devices with a file descriptor.