On Mon, Nov 17, 2003 at 11:02:10AM +0300, Samy Al Bahra wrote:
> > See http://www.enderunix.org/murat/linux_subexec/linux_subexec.c for a simple
> > example.
>
> This is 4.X specific (proc usage). I would just like to note that there is an
> execve symbol which you can reference in your code directly (rather than
> creating your own pointer for deinitialization).
>
> EX:
> -sysent[SYS_execve].sy_call = (sy_call_t *)oldexecve;
> +sysent[SYS_execve].sy_call = (sy_call_t *)execve;
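Review bot: the `+` line writes `execve` into `sysent[SYS_execve].sy_call` unconditionally, so the unload path no longer puts back whatever handler the slot held when the module was loaded. Keep the saved `oldexecve` pointer, and consider checking that the slot still holds this module's own hook before writing to it.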

And if there are two modules that intercept execve(2)? Storing the old value in a dedicated pointer is correct. There will still be a problem when modules are loaded and unloaded in random order. Unload order has to be the reverse of load order; if not, an invalid pointer (of a module that was already unloaded) will be stored in the sysent table.

-- 
Pawel Jakub Dawidek [EMAIL PROTECTED]
UNIX Systems Programmer/Administrator http://garage.freebsd.pl
Am I Evil? Yes, I Am! http://cerber.sourceforge.net
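
The ordering problem described in the message above, as an added user-space model (not code from the thread or from FreeBSD): `slot` stands in for `sysent[SYS_execve].sy_call`, and `struct mod`, the hook functions and the scenario helpers are hypothetical names. It goes one step beyond the message by including an assumed guard, `unload_guarded`, that refuses an out-of-order unload.

```c
#include <stdio.h>
/* User-space model: `slot` stands in for sysent[SYS_execve].sy_call. */
typedef int (*call_t)(void);
static int stock_execve(void) { return 0; }  /* stands in for the kernel's execve */
static int hook_a(void) { return 1; }
static int hook_b(void) { return 2; }
struct mod { call_t hook, saved; int loaded; };
static struct mod A = { hook_a, NULL, 0 }, B = { hook_b, NULL, 0 };
static call_t slot = stock_execve;
static void reset(void) { slot = stock_execve; A.loaded = B.loaded = 0; }
static void load(struct mod *m) { m->saved = slot; slot = m->hook; m->loaded = 1; }
/* Restore from the dedicated pointer (the reply's approach). */
static void unload_saved(struct mod *m) { slot = m->saved; m->loaded = 0; }
/* Restore the stock symbol (the quoted suggestion). */
static void unload_symbol(struct mod *m) { slot = stock_execve; m->loaded = 0; }
/* Assumed guard: only unload while our hook is still the one in the slot. */
static int unload_guarded(struct mod *m) {
    if (slot != m->hook) return -1;  /* a later module saved our hook */
    unload_saved(m); return 0;
}
/* Stale: the slot points at the hook of a module that is no longer loaded. */
static int slot_is_stale(void) {
    return (slot == A.hook && !A.loaded) || (slot == B.hook && !B.loaded);
}
/* A unloads via the symbol while B is loaded: 1 if B's hook was dropped. */
int symbol_drops_b(void) {
    reset(); load(&A); load(&B); unload_symbol(&A);
    return B.loaded && slot != B.hook;
}
/* Load A, B; unload A, then B (same order as load): 1 if the slot is stale. */
int same_order_stale(void) {
    reset(); load(&A); load(&B); unload_saved(&A); unload_saved(&B);
    return slot_is_stale();
}
/* Load A, B; unload B, then A (reverse order): 1 if the stock handler is back. */
int reverse_ok(void) {
    reset(); load(&A); load(&B); unload_saved(&B); unload_saved(&A);
    return slot == stock_execve && !slot_is_stale();
}
/* The guard refuses A's out-of-order unload: 1 if B's hook is intact. */
int guard_refuses(void) {
    reset(); load(&A); load(&B);
    return unload_guarded(&A) == -1 && slot == B.hook && A.loaded;
}
int main(void) {
    printf("%d %d %d %d\n", symbol_drops_b(), same_order_stale(),
           reverse_ok(), guard_refuses());
    return 0;
}
```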