how to intercept system calls

rajesh singarapu rajesh0541 at gmail.com
Wed Jul 10 13:28:05 EDT 2013


you may want to try encrypting/decrypting in mpage_writepage/mpage_readpage
and maintaining keys in inode/as extended attributes.


On Wed, Jul 10, 2013 at 10:39 PM, <Valdis.Kletnieks at vt.edu> wrote:

>  On Wed, 10 Jul 2013 21:32:22 +0800, <wuyaalan at gmail.com> said:
>
> >      I wanna encrpto some data in kernel, and these encrypto data storage
> > on disk .i should decrypt data before system call trasmit to user mode.
> > then what should i do ? how to get encrypt data ?
> >      I wanna intercept write function(kernel), when this function got
> > encrypt data i will decrypt.
>
> This will probably not end well, as crypto is a lot harder to get right
> than
> it looks.
>
> What threat model are you trying to defend against with the encrypted data?
> What data are you encrypting, and who are you trying to keep it away from?
>
> The biggest problem is the secure storage and management of crypto keys.
> You're almost certainly better off using the in-kernel keyring code instead
> of trying to do this yourself.  Also see the various TPM support code.
>
> And it's possible that what you *really* wanted to use is the userspace
> cryptLUKS code or TrueCrypt or similar - it's hard to tell what you're
> trying to do.
>
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies at kernelnewbies.org
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20130710/8003ec9c/attachment.html 


More information about the Kernelnewbies mailing list