lamontICOPYRIGHT.COM

• Next message: David Knaack: "Re: Another new worm???"
• Previous message: Pavel Kankovsky: "Re: Capturing System Calls"
• In reply to: Green Charles Contr AFRL/IFGB: "Capturing System Calls"
• Next in thread: Michal Zalewski: "Re: Capturing System Calls"
• Next in thread: Badger, Lee: "Re: Capturing System Calls"
• Reply: Granquist, Lamont: "Re: Capturing System Calls"
• Reply: Michal Zalewski: "Re: Capturing System Calls"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Under linux you can modify the syscall table through a loadable kernel
module. This will allow you to modify the behavior of system calls. This
may satisfy the restriction that you're not allowed to modify the kernel,
since you're doing it dynamically and the underlying code remains the
same.

On Thu, 22 Jun 2000, Green Charles Contr AFRL/IFGB wrote:
> On UNIX Systems, (FreeBSD, Linux, Solaris) is there a way to capture/modify
> system calls calls from an application with out modifying the kernel (or
> using kernel modules) - preferably in userspace? The reason I ask is that a
> group of us are being asked to evaluate a piece of software for my company
> but they've put some heavy restrictions on how we do it. One of the
> restriction is that we're not allowed to modify the kernel.
>

• Next message: David Knaack: "Re: Another new worm???"
• Previous message: Pavel Kankovsky: "Re: Capturing System Calls"
• In reply to: Green Charles Contr AFRL/IFGB: "Capturing System Calls"
• Next in thread: Michal Zalewski: "Re: Capturing System Calls"
• Next in thread: Badger, Lee: "Re: Capturing System Calls"
• Reply: Granquist, Lamont: "Re: Capturing System Calls"
• Reply: Michal Zalewski: "Re: Capturing System Calls"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]