Hooking exec system call
From: rohan puri <hidden>
Date: 2011-09-22 09:44:49
On Thu, Sep 22, 2011 at 1:53 PM, Abhijit Pawar [off-list ref]wrote:
hi list, Is there any way to hook the exec system call on Linux box apart from replacing the call in System Call table? Regards, Abhijit Pawar _______________________________________________ Kernelnewbies mailing list Kernelnewbies at kernelnewbies.org http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
Tidy way : - You can do that from LSM (Linux security module). Untidy way : - Yes, you can do that by registering a new binary format handler. Whenever exec is called, a list of registered binary format handlers is scanned, in the same way you can hook the load_binary & load_library function pointers of the already registered binary format handlers. Regards, Rohan Puri -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20110922/ba5313b9/attachment-0001.html