On 7 May 2003, petter wahlman wrote:
>
> It seems like nobody belives that there are any technically valid
> reasons for hooking system calls, but how should e.g anti virus
> on-access scanners intercept syscalls?
> Preloading libraries, ptracing init, patching g/libc, etc. are
> obviously not the way to go.
>
Well, for a system wide system call hook, a kernel mechanism is necessary
(and useful too IMHO). However for our usage (MPI) it is enough to know
when the current process calls either sbrk(-n) or munmap glibc functions,
thus it is sufficient to implement some kind of callback functionality for
certain glibc functions, sort of like the malloc/free hooks but on a more
general basis since some applications doesn't use malloc/free but
implement their own alloc/free algorithms using the syscalls (one example
is f90 apps).
Ideas anyone ?
Regards,
-- Steffen Persvold | Scali AS mailto:sp@scali.com | http://www.scali.com Tel: (+47) 2262 8950 | Olaf Helsets vei 6 Fax: (+47) 2262 8951 | N0621 Oslo, NORWAY- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed May 07 2003 - 22:00:31 EST