> There's one approach you don't list and that is probably the simplest one > while remaining extremely efficient: > The use of default jmps over the hook code. Using this, the default behavior > compiled within the kernel would be a jump over the code implementing > the hook. Something like: > > call A > call B > jump label1234 > call hook > label1234: > call C I think this looks great. As far as simple goes, I think it is very minimalist, and it is just plain good hacking. > To activate the hook, one would only need to overwrite the "jump label1234" > by NOPs. Modern CPUs are quite good at taking care of unconditionnal branches > and, since the branch distances would be quite short, results may be even better > than adding a bunch of NOPs. Sure. ;-) Kurt _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Apr 19 2001 - 11:26:48 PDT