For security reasons, the kernel ceased to export characters necessary for writing security modules in the form of loadable kernel modules (Linux Kernel Module, LKM) starting with version 2.6.24.

And you can't export sys_call_table, again for security reasons.

But then, how can I filter filesystem requests?

I'll state it simply: I want to hook the "open" function!

I don't want to have to compile my own version of the kernel; what's the point of drivers? It should work for all kernels.

Please help. I thought I would have more freedom than Windows with Linux, but now I see the most precious parts of my life are blocked in Linux.

RandomHash
aliep
  • It's okay if you just want to do it for experimental purposes, but doing this using an LKM is not safe, as pointed out in [this](http://www.watson.org/~robert/2007woot/2007usenixwoot-exploitingconcurrency.pdf). You should go for an LSM implementation to be safe from TOCTOU – Saurav Yadav Mar 08 '21 at 07:54

1 Answer

I've written a kernel module that can do this called tpe-lkm. I've also mentioned it on some other questions similar to this here on StackOverflow:

Hope one of these helps you out.

Corey Henderson
  • So I have to _hijack_ the sys_call_table, thank you very much, hoped at least **linux** could have a driver stack... – aliep Dec 21 '12 at 23:42