From: supercodeing35271 supercodeing35271 on 17 Jul 2010 06:50

Hi, I am now writing a simple file comparison and protection program as a Linux kernel module, using the technique of intercepting the syscall. What I have done is that when the module is insmod'ed into the kernel, I can appoint a path so that any action which intends to mkdir in that path returns a failure, so the path can be protected against malicious tampering. How the module works is very simple, as a way of intercepting the mkdir() syscall; I think lots of guys know about the theory.

But it is not perfect, because the module can only identify the absolute path. Take this situation, when we open a shell like this:

    root@myname-desktop:/home/myname/test# mkdir dirkkk

When this command runs, a directory named dirkkk is created in the path /home/myname/test. Using the command mkdir /home/myname/test/dirkkk does the same. But the module I wrote only handles mkdir /home/myname/test/dirkkk. This is the mkdir syscall function in 2.6.34:

    asmlinkage long sys_mkdir(const char __user *pathname, int mode);

In my module, I intercept it with a function named my_mkdir which has the same parameters:

    asmlinkage long my_mkdir(const char __user *pathname, int mode)
    {
        if (strcmp(pathname, "/home/myname/test/dirkkk") == 0)
        {
            return -1;
        }
        return sys_mkdir(pathname, mode);
    }

The module strcmps the pathname; if the pathname is one which has been set as forbidden, it returns -1. The command mkdir /home/myname/test/dirkkk may return a failure, but mkdir dirkkk is not forbidden, because the pathname is "dirkkk", not "/home/myname/test/dirkkk", so it returns the original sys_mkdir.

So my question is: is there any way to identify whether a shell command like mkdir uses an absolute path or not, and how can I change a relative path into an absolute one so that my module can intercept the relative path?