Date:      Mon, 17 Nov 2003 13:51:41 +0100
From:      Pawel Jakub Dawidek <nick@garage.freebsd.pl>
To:        Samy Al Bahra <samy@kerneled.com>
Cc:        Kai Zhu <zkzklj@yahoo.com>
Subject:   Re: Questions on intercepting execve syscall
Message-ID:  <20031117125141.GA511@garage.freebsd.pl>
In-Reply-To: <1069056130.3fb8808299d19@www.kerneled.com>
References:  <20031116155330.42894.qmail@web21409.mail.yahoo.com> <20031116201323.GA26716@enderunix.org> <1069056130.3fb8808299d19@www.kerneled.com>


On Mon, Nov 17, 2003 at 11:02:10AM +0300, Samy Al Bahra wrote:
+> > See http://www.enderunix.org/murat/linux_subexec/linux_subexec.c for a simple
+> > example.
+>
+> This is 4.X specific (proc usage). I would just like to note that there is an
+> execve symbol which you can reference in your code directly (rather than
+> creating your own pointer for deinitialization).
+>
+> EX:
+> -sysent[SYS_execve].sy_call =3D (sy_call_t *)oldexecve;
+> +sysent[SYS_execve].sy_call =3D (sy_call_t *)execve;
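Review bot: the `+` line writes the stock `execve` symbol into `sysent[SYS_execve].sy_call` unconditionally, so any handler another module had placed in the slot before this one loaded is dropped on unload; the `-` line's `oldexecve` avoids that but is written back just as unconditionally. Either way, compare `sy_call` against this module's own handler before restoring, and leave the slot alone if it no longer matches.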

And if there are two modules that intercept execve(2)?

Storing the old value in a dedicated pointer is correct.
There will still be a problem when modules are loaded and unloaded
in random order. Unload order has to be the reverse of load order; if not,
an invalid pointer (of a module that was already unloaded) will be stored
in the sysent table.

-- 
Pawel Jakub Dawidek                       pawel@dawidek.net
UNIX Systems Programmer/Administrator     http://garage.freebsd.pl
Am I Evil? Yes, I Am!                     http://cerber.sourceforge.net
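
The unload-order problem described in this message, as a userspace model (an added example, not code from the thread or from FreeBSD): `slot` stands in for `sysent[SYS_execve].sy_call`, and `struct module`, the hooks and `unload_checked` are hypothetical names. It goes one step beyond the message by showing a guarded unload that refuses to restore when the slot no longer holds the module's own hook.

```c
#include <stdio.h>

typedef int (*sy_call_t)(void);
/* Constructed stand-ins for the real handler and two modules' hooks. */
static int stock_execve(void) { return 0; }
static int hook_a(void) { return 1; }
static int hook_b(void) { return 2; }
static sy_call_t slot = stock_execve; /* models sysent[SYS_execve].sy_call */
struct module { sy_call_t hook, saved; int loaded; };
static void mod_load(struct module *m) { m->saved = slot; slot = m->hook; m->loaded = 1; }
/* Unload as discussed in the thread: restore the saved pointer blindly. */
static void unload_naive(struct module *m) { slot = m->saved; m->loaded = 0; }
/* Guarded unload (an assumption, not from the thread): refuse when another
 * module has hooked on top of us, so no stale pointer is written back. */
static int unload_checked(struct module *m) {
    if (slot != m->hook) return -1;
    slot = m->saved; m->loaded = 0;
    return 0;
}
/* 1 if the slot points at the hook of a module that is no longer loaded. */
static int dangling(const struct module *m, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (slot == m[i].hook && !m[i].loaded) return 1;
    return 0;
}
/* Load A then B, unload naively in the given order, report the outcome. */
static int run_naive(int reverse) {
    struct module m[2] = { { hook_a, NULL, 0 }, { hook_b, NULL, 0 } };
    slot = stock_execve;
    mod_load(&m[0]); mod_load(&m[1]);
    unload_naive(&m[reverse ? 1 : 0]);
    unload_naive(&m[reverse ? 0 : 1]);
    return dangling(m, 2);
}
/* Same load order, guarded unload: A's early unload must be refused. */
static int run_checked(void) {
    struct module m[2] = { { hook_a, NULL, 0 }, { hook_b, NULL, 0 } };
    slot = stock_execve;
    mod_load(&m[0]); mod_load(&m[1]);
    int refused = unload_checked(&m[0]) == -1;
    unload_checked(&m[1]); unload_checked(&m[0]);
    return refused && slot == stock_execve && !dangling(m, 2);
}
int main(void) {
    printf("naive, reverse order: dangling=%d\n", run_naive(1));
    printf("naive, load order:    dangling=%d\n", run_naive(0));
    printf("checked unload ok:    %d\n", run_checked());
    return 0;
}
```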




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031117125141.GA511>