From: rohan.puri15@gmail.com (rohan puri)
To: kernelnewbies@lists.kernelnewbies.org
Subject: Hooking exec system call
Date: Thu, 22 Sep 2011 15:14:49 +0530 [thread overview]
Message-ID: <CALJfu6MyUSAsmLGUJtmEGK+X4BwvayZ++715OSrr8T_GzWcJOg@mail.gmail.com> (raw)
In-Reply-To: <4E7AF090.6000402@gmail.com>
On Thu, Sep 22, 2011 at 1:53 PM, Abhijit Pawar <apawar.linux@gmail.com>wrote:
> hi list,
> Is there any way to hook the exec system call on Linux box apart from
> replacing the call in System Call table?
>
> Regards,
> Abhijit Pawar
>
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies at kernelnewbies.org
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>
Tidy way : -
You can do that from LSM (Linux security module).
Untidy way : -
Yes, you can do that by registering a new binary format handler. Whenever
exec is called, a list of registered binary format handlers is scanned, in
the same way you can hook the load_binary & load_library function pointers
of the already registered binary format handlers.
Regards,
Rohan Puri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20110922/ba5313b9/attachment-0001.html
next prev parent reply other threads:[~2011-09-22 9:44 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-09-22 8:23 Hooking exec system call Abhijit Pawar
2011-09-22 8:50 ` Christophe Hauser
2011-09-22 9:44 ` rohan puri [this message]
2011-09-23 7:31 ` Rajat Sharma
2011-09-23 8:30 ` Abhijit Pawar
2011-09-23 8:34 ` rohan puri
2011-09-23 9:13 ` Abhijit Pawar
2011-09-23 9:41 ` rohan puri
2011-09-26 6:32 ` Abhijit Pawar
2011-09-26 6:56 ` rohan puri
2011-09-26 6:59 ` Abhijit Pawar
2011-09-26 7:27 ` rohan puri
2011-09-26 7:30 ` Abhijit Pawar
2011-09-26 7:32 ` rohan puri
2011-09-22 16:57 ` Mulyadi Santosa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CALJfu6MyUSAsmLGUJtmEGK+X4BwvayZ++715OSrr8T_GzWcJOg@mail.gmail.com \
--to=rohan.puri15@gmail.com \
--cc=kernelnewbies@lists.kernelnewbies.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.