On-line judgment kernel module
Pawel Jakub Dawidek
nick at garage.freebsd.pl
Thu Oct 9 01:15:23 PDT 2003
On Thu, Oct 09, 2003 at 07:46:45AM +0300, earthman wrote:
+> The idea is to deny all syscalls for specific
+> process p. This is possible even without rewriting
+> kernel by kernel module.
+>
+> Now I'm thinking how to do this.
+> Possibly it would be easy to point p->sv_sysent
+> to the structure that points sv_prepsyscall
+> to some function that denies some system calls.
+> (kill process, make some record in module about
+> restricted call)
+> But I don't understand how to cancel syscall
+> out of those function. Maybe it's possible
+> to change code parameter to something else.
You may just try CerbNG:
http://cerber.sourceforge.net
It was presented on WIP session at BSDCon03, slides are here:
http://garage.freebsd.pl/CerbNG.pdf
1.0-RC3 will be avaliable in near future.
--
Pawel Jakub Dawidek pawel at dawidek.net
UNIX Systems Programmer/Administrator http://garage.freebsd.pl
Am I Evil? Yes, I Am! http://cerber.sourceforge.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20031009/bf0039d8/attachment.bin
More information about the freebsd-hackers
mailing list