On Wed, 2003-05-07 at 17:34, petter wahlman wrote:
>  It seems like nobody belives that there are any technically valid
> reasons for hooking system calls, but how should e.g anti virus
> on-access scanners intercept syscalls?
> Preloading libraries, ptracing init, patching g/libc, etc. are
> obviously not the way to go.

those obviously need to be implemented via the security subsystem (eg
LSM). Hooks are obviously the wrong level to do things and I could even
tell you that you cannot implement this right from a module actually.