Critical Linux security API is still a kludge (Inquirer)
Posted Oct 24, 2006 3:07 UTC (Tue) by ringerc
In reply to: Critical Linux security API is still a kludge (Inquirer)
Parent article: Critical Linux security API is still a kludge (Inquirer)
It needs to intercept and modify the behaviour of system calls. That is not supported (by design) in the module interface - the kernel *must* be modified. There's a dirty hack that does it from modules anyway, but it's not a great idea and frowned upon.
Why the syscall table isn't available from modules seems to be largely a political issue. My impression is that the kernel devs don't want large extensions of the kernel that insert lots of hooks to be possible as modules - perhaps because of the whole closed-source module issue?
Anyway, I'd be surprised if they didn't need to patch the kernel to get their syscall hooks in place.