how to intercept system calls

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Wed Jul 10 13:09:24 EDT 2013


On Wed, 10 Jul 2013 21:32:22 +0800, <wuyaalan at gmail.com> said:

>      I want to encrypt some data in the kernel, and store this encrypted data
> on disk. I should decrypt the data before the system call transmits it to user mode.
> Then what should I do? How do I get the encrypted data?
>      I want to intercept the write function (kernel); when this function gets
> encrypted data I will decrypt it.

This will probably not end well, as crypto is a lot harder to get right than
it looks.

What threat model are you trying to defend against with the encrypted data?
What data are you encrypting, and who are you trying to keep it away from?

The biggest problem is the secure storage and management of crypto keys.
You're almost certainly better off using the in-kernel keyring code instead
of trying to do this yourself.  Also see the various TPM support code.

And it's possible that what you *really* wanted to use is the userspace
cryptLUKS code or TrueCrypt or similar - it's hard to tell what you're trying to do.