Query regarding kernel modules intercepting system call.
Ajinkya Surnis
surnisaa at gmail.com
Sat Jul 8 14:19:26 EDT 2017
Hello Aruna,
Thanks a lot for your help.
I'm aware that a single kernel module will accomplish syscall interception.
In fact, I submitted my solution to the interviewers. Here's my source code:
https://github.com/Ajinkya-Veritas/Test-Module/blob/master/testmod.c
However, the interviewer had done a weird scenario where he created two
modules from same code.
(mod1 and mod2) So obviously, they would intercept same system call.
After loading those modules and unloading them in same order caused panic,
which I described in detail
initially.
My goal is to avoid panic, but couldn't find out how.
Thanks,
Ajinkya.
On Sat, Jul 8, 2017 at 11:36 PM, Aruna Hewapathirane <
aruna.hewapathirane at gmail.com> wrote:
> Hello Ajinkya,
>
> On Sat, Jul 8, 2017 at 12:14 PM, Greg KH <greg at kroah.com> wrote:
>
>> On Sat, Jul 08, 2017 at 09:38:52PM +0530, Ajinkya Surnis wrote:
>> > Actually, this is not a college assignment. I'm a professional software
>> > engineer who is completely new to kernel programming.
>>
>
> Welcome to the world of kernel hacking and speaking the 'truth' and being
> 'honest'
> does have it's benefits as you will see soon :)
>
>
>> > I recently gave an interview to one cloud security firm. The
>> interviewer gave
>> > me this particular assignment, since this kind of functionality is
>> needed in
>> > their software.
>>
>
> Wish you good luck with the job !
>
>
>> > Now I'm aware that the approach I have (syscall interception) is wrong.
>> > But I also need to find out alternate mechanism to achieve my goal.
>> > I searched really hard, but got nothing.
>>
>
> Go through the link below very carefully, you do not require two modules.
> One single module
> that intercepts a syscall and does what you have to do.. please do pay
> careful attention to the comments
> within the code!
>
> https://github.com/jvns/kernel-module-fun/blob/master/rickroll.c
>
>
>>
>> So it's a programming test to get a job? That's worse than trying to
>> cheat on an exam, as it would mean that I pass the test, not you :(
>>
>
> Though I agree 110% with gregkh 'I' also have been where Ajinkya is coming
> from so many times.
> I have been there, done that too many times to walk away now so.. I
> understand the man's pain and frustration.
> So against my better judgement I have given him something if he studies
> carefully will help him to do what its is he must.
>
>>
>> good luck!
>>
>> greg k-h
>>
>>
> Greg, he told us the plain truth and all he wants is some guidance. If I
> am out of line you can bust me as usual on IRC ! How is telling the simple
> and plain 'truth' equate to 'cheating" ? Duhh...
>
> Good luck, hope this helps - Aruna
>
>
>
>
>
>> _______________________________________________
>> Kernelnewbies mailing list
>> Kernelnewbies at kernelnewbies.org
>> https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20170708/7886f9a3/attachment-0001.html
More information about the Kernelnewbies
mailing list