Critical Linux security API is still a kludge (Inquirer)

Posted Oct 24, 2006 3:07 UTC (Tue) by ringerc (subscriber, #3071)
In reply to: Critical Linux security API is still a kludge (Inquirer) by madscientist
Parent article: Critical Linux security API is still a kludge (Inquirer)

It needs to intercept and modify the behaviour of system calls. That is not supported (by design) in the module interface - the kernel *must* be modified. There's a dirty hack that does it from modules anyway, but it's not a great idea and frowned upon.

Why the syscall table isn't available from modules seems to be largely a political issue. My impression is that the kernel devs don't want large extensions of the kernel that insert lots of hooks to be possible as modules - perhaps because of the whole closed-source module issue?

Anyway, I'd be surprised if they didn't need to patch the kernel to get their syscall hooks in place.


Critical Linux security API is still a kludge (Inquirer)

Posted Oct 24, 2006 12:00 UTC (Tue) by madscientist (subscriber, #16861)

> Anyway, I'd be surprised if they didn't need to patch the kernel to get
> their syscall hooks in place.

I didn't try to build it but I read the install instructions before I posted. As far as I can tell they do NOT patch the kernel. They're just building an out-of-the-tree kernel loadable module, nothing more.

Of course, I could have missed something.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds