Intercepting syscall

Shawn Webb shawnwebb at softhome.net
Tue Dec 9 19:46:26 PST 2003


Sorry, I realized my old code was outdated, changed it...

But this also brings on another question... Is there a way to make the 
syscall table read-only via an LKM? Would it even be logical? grsec for Linux 
does just that... (except, grsec isn't an LKM)

On Tuesday 09 December 2003 20:06, shawnwebb at softhome.net wrote:
> I remember trying once on a FreeBSD 5.0-RELEASE box an LKM I wrote to
> intercept the open() call, yet it didn't work. The same code worked on a
> FreeBSD 4.7-RELEASE box.
>
> What I'm wondering is if FreeBSD 5.x has a read-only syscall table. Or maybe
> the ways of changing the syscall table have changed.
>
> Am I mistaken?
>
> Not of much importance, but relevant to my question: the reason why I'm
> asking is that I was presented with the task of writing an IPS (Intrusion
> Prevention System).
>
> Thanks for your help,
>
> Shawn Webb