Query regarding kernel modules intercepting system call.

valdis.kletnieks at vt.edu valdis.kletnieks at vt.edu
Sat Jul 8 21:06:09 EDT 2017


On Sat, 08 Jul 2017 21:08:40 +0530, Ajinkya Surnis said:

> The purpose of assignment is to check the authenticity of the user
> executing the system call, and prevent certain users from executing, kind
> of like certain security programs (although I don't exactly know how they
> work).

The only hint I'll give you is that way back in April 2005, we
added a rather extensive API for exactly this purpose, and that almost
every single major distribution uses this API for one of several major
packages.  Maybe you should find out "exactly how they work" :)

And now the bad news:  If you didn't *already* know that, you're almost
certainly not qualified to write security code for the Linux environment.
(I admit that if I was the interviewer, and the *immediate* answer hadn't
been "Why should I intercept syscalls when I could do XYZ?", that would
be in my mind an instant "not qualified").  Security coding done correctly
is a lot harder than it looks. For example, consider intercepting that
open() syscall.  What happens if one program opens the file and isn't stopped
by your intercept - and it then passes the open file descriptor across
an exec() system call to a cooperating malicious process?

The other possibility is that the interviewer didn't know about XYZ
either - in which case you *DO NOT* want to work there.  Trust me on this. :)
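The open()/exec() point above, as an added example that is not from the thread: a descriptor granted at open() time is carried across execve() into a different program unless FD_CLOEXEC is set, so a check that lives only in an open() intercept never sees the second program touch the file. The code assumes Linux pipe2() and a /bin/sh; the pipe stands in for any opened file.

```c
/* Added example (not from the original mailing-list post). The parent
 * creates a pipe (stand-in for any file), then execs a different program
 * (/bin/sh) that writes through the inherited descriptor number without
 * ever calling open() itself. Only FD_CLOEXEC stops that inheritance. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 if fd will be inherited across execve() (FD_CLOEXEC clear), else 0. */
int fd_survives_exec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags >= 0 && !(flags & FD_CLOEXEC);
}

/* Create a pipe with pipe_flags (0 or O_CLOEXEC), exec a shell that
 * writes "ok" to the write end by number, and return 1 if the data
 * reached the parent, i.e. the descriptor crossed the exec boundary. */
int exec_inherits_fd(int pipe_flags)
{
    int p[2];
    char cmd[64], buf[8] = {0};
    ssize_t n;

    if (pipe2(p, pipe_flags) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        close(p[0]);
        /* The exec'd program never opens anything; it just uses fd p[1]. */
        snprintf(cmd, sizeof cmd, "echo ok >&%d 2>/dev/null", p[1]);
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);
    }
    close(p[1]);                 /* parent keeps only the read end */
    n = read(p[0], buf, sizeof buf - 1);   /* EOF if no writer survived */
    close(p[0]);
    waitpid(pid, NULL, 0);
    return n > 0 && strncmp(buf, "ok", 2) == 0;
}

int main(void)
{
    printf("default pipe crosses exec:   %d\n", exec_inherits_fd(0));
    printf("O_CLOEXEC pipe crosses exec: %d\n", exec_inherits_fd(O_CLOEXEC));
    return 0;
}
```

This is why a mediation point on the file object itself, rather than on the open() call, is needed to enforce a per-user policy.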