On Mon, 18 Apr 2005 10:48:03 -0400 Igor Shmukler wrote: | Rik, (and everyone), | | Everything is IMHO only. | | It all boils down to whether: | 1. it is hard to correctly implement such LKM so that it can be safely | loaded and unloaded and when these modules are combined they may not | work together until there is an interoperability workshop (like the | one networking folks do). | 2. it's not possible to do this right, hence no point to allow this in | a first place. | | I am not a Linux expert by a long-shot, but on many other Unices it's | being done and works. I am only asking because I am involved with a | Linux port. | | I think if consensus is on choice one, then hiding the table is a | mistake. We should not just close abusable interfaces. Rootkits do | not need these, and if someone makes poor software we do not have to | install it. | | Intercepting system call table is an elegant way to solve many | problems. Any driver software has to be developed by expert | programmers and can cause all the problems imaginable if it was not | down right. | | Again, it's all IMHO. Nobody has to agree.
And 'nobody' has submitted patches that handle all of the described problems... 1. racy 2. architecture-independent 3. stackable (implies/includes unstackable :) You won't get very far in this discussion without some code... | Igor | | On 4/18/05, Rik van Riel <[EMAIL PROTECTED]> wrote: | > On Fri, 15 Apr 2005, Igor Shmukler wrote: | > | > > Thank you very much. I will check this out. | > > A thanks to everyone else who contributed. I would still love to know | > > why this is a bad idea. | > | > Because there is no safe way in which you could have multiple | > of these modules loaded simultaneously - say one security | > module and AFS. There is an SMP race during the installing | > of the hooks, and the modules can still wreak havoc if they | > get unloaded in the wrong order... | > | > There just isn't a good way to hook into the syscall table. --- ~Randy - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/