Date: Tue, 09 Dec 2003 20:06:11 -0700 From: shawnwebb@softhome.net To: freebsd-hackers@freebsd.org Subject: Intercepting syscall Message-ID: <courier.3FD68DA3.0000493C@softhome.net>
next in thread | raw e-mail | index | archive | help
I remember trying once on a FreeBSD 5.0-RELEASE box an LKM I wrote to intercept the open() call, yet it didn't work. The same code worked on a FreeBSD 4.7-RELEASE box. What I'm wondering is if FreeBSD 5.x has a readonly syscall table. Or maybe the ways of changing the syscall table has changed. Am I mistaken? In not too much importance, but relevant to my question, the reason why I'm asking, is I was presented to write an IPS (Intrusion Prevention System). Thanks for your help, Shawn Webb
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?courier.3FD68DA3.0000493C>