Query regarding kernel modules intercepting system call.
Lino Sanfilippo
LinoSanfilippo at gmx.de
Sun Jul 9 06:18:39 EDT 2017
On 09.07.2017 12:06, Lino Sanfilippo wrote:
> Hi,
>
> On 08.07.2017 17:38, Ajinkya Surnis wrote:
>> The purpose of assignment is to check the authenticity of the user
>> executing the system call, and prevent certain users from executing, kind
>> of like certain security programs (although I don't exactly know how they
>> work).
>>
>
> I suggest to take a look at "fanotify", which offers you the possibility
> to intercept open() calls at VFS level and also provides you with the
> user/group id of the file accessing process.
>
Actually you are provided the file descriptor of the accessed file and the
pid of the accessing process. But it is not too hard to derive access rights
(e.g. via stat() or fstat()) from these.
Regards,
Lino
More information about the Kernelnewbies
mailing list