Hi,

Based on the implementation of LIDS, I suggest the following functions to hook in LSM. Some hooks are not covered in LIDS but I think they are necessary, such as Network and IPC.

0) Basic kernel service: sys_fork() and sys_execve()

1) Filesystem's hook. LIDS intercepts the following functions:
   <1> open_namei() for checking sys_open(). LIDS does not check read()/write().
   <2> sys_rmdir(), sys_unlink(), sys_symlink(), sys_link(), sys_rename(), __namei(), sys_mknod(), sys_mkdir().
   <3> sys_truncate(), sys_access(), sys_fchmod(), sys_chmod()

2) Capability hook: capable() in include/linux/sched.h.

3) Network hook, ....

4) IPC hook, ...

5) more...

I hope this may help. Any suggestions?

Huagang

--
Happy Hacking
LIDS secure linux kernel
http://www.lids.org/
This archive was generated by hypermail 2b30 : Wed Apr 18 2001 - 02:27:01 PDT