Hooking exec system call

rohan puri rohan.puri15 at gmail.com
Thu Sep 22 05:44:49 EDT 2011


On Thu, Sep 22, 2011 at 1:53 PM, Abhijit Pawar <apawar.linux at gmail.com>wrote:

> hi list,
> Is there any way to hook the exec system call on Linux box apart from
> replacing the call in System Call table?
>
> Regards,
> Abhijit Pawar
>
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies at kernelnewbies.org
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>

Tidy way : -

You can do that from LSM (Linux security module).

Untidy way : -
Yes, you can do that by registering a new binary format handler. Whenever
exec is called, a list of registered binary format handlers is scanned, in
the same way you can hook the load_binary & load_library function pointers
of the already registered binary format handlers.

Regards,
Rohan Puri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20110922/ba5313b9/attachment-0001.html 


More information about the Kernelnewbies mailing list