Changing the hierarchy of system calls executed in response to a command

ipshita · 04-29-2009, 10:08 PM

I want to change the way linux reacts to commands and user executables..

i.e i want to change the system calls which will be executed in response to it.

I will have to involve my new code before system goes to sys_execve() to execute the executable

One way could be by tapping the sys_call_table i.e exporting it(which will require a patch) and changing the pointer to point to my code and then my program will point to execve()

But this way has big flaws.

PLEASE help!!!!

unSpawn · 04-30-2009, 07:13 AM

Could you explain what you are trying to accomplish?
What is the purpose of this? (Any code or examples?)
Are you sure you need to do this in the kernel? (Can't you keep to userland?)
In what way does your approach differ from malicious kernel subversion?
Have you ever checked out the LSM?

ipshita · 04-30-2009, 07:55 AM

I have embedded certain stuffs in the ELF format for the binary executables.
SO everytime the executable runs, i want it to extract the watermark and then proceed to make the system calls. i.e sys_execve() and the rest

I was thinking of changing the pointer location in sys_call_table to point to my code then simultaneously, to the system call from there.

Its like hacking into the system.

Is there any userland method i could use to support this

I havent an idea of LSM

Thank you,

pixellany · 04-30-2009, 08:49 AM

Moved: This thread is more suitable in <Programming> and has been moved accordingly to help your thread/question get the exposure it deserves.

unSpawn · 04-30-2009, 09:43 AM

Quote:

Originally Posted by ipshita

I have embedded certain stuffs in the ELF format for the binary executables. SO everytime the executable runs, i want it to extract the watermark

5 minutes worth of research shows Immunix' CryptoMark, Bsign, DigSig, signelf and elfsign.

ipshita · 04-30-2009, 11:49 AM

Yes i have gone through digsig before..

What i need now is to develop a kernel module program in response to the binary signature i have already embedded. i.e, i need to develop the kernel module program to initiate the shell to check the elf before running it.

Could you plz help me with the source code

plz

ipshita · 04-30-2009, 01:23 PM

its kernel module programming using LSM hooks.

If anyone could help me with books and references,
I would be thankful

unSpawn · 05-01-2009, 08:24 AM

Since the DigSig kernel module already lays the groundwork for a checking mechanism plus hooks into the LSM, wouldn't it be convenient to use it as conceptual and practical framework to base your work on? Or doesn't that fit the requirements for your assignment?