Intercepting syscall
shawnwebb at softhome.net
Tue Dec 9 19:06:13 PST 2003
I remember once trying, on a FreeBSD 5.0-RELEASE box, an LKM I wrote to
intercept the open() call, yet it didn't work. The same code worked on a
FreeBSD 4.7-RELEASE box.

What I'm wondering is whether FreeBSD 5.x has a read-only syscall table. Or maybe
the ways of changing the syscall table have changed.

Am I mistaken?

Not of much importance, but relevant to my question: the reason I'm
asking is that I was presented with writing an IPS (Intrusion Prevention System).

Thanks for your help,

Shawn Webb