On Thu, Oct 09, 2003 at 07:46:45AM +0300, earthman wrote:
> The idea is to deny all syscalls for specific
> process p. This is possible even without rewriting
> kernel by kernel module.
>
> Now I'm thinking how to do this.
> Possibly it would be easy to point p->sv_sysent
> to the structure that points sv_prepsyscall
> to some function that denies some system calls.
> (kill process, make some record in module about
> restricted call)
> But I don't understand how to cancel syscall
> out of those function. Maybe it's possible
> to change code parameter to something else.

You may just try CerbNG:

	http://cerber.sourceforge.net

It was presented on WIP session at BSDCon03, slides are here:

	http://garage.freebsd.pl/CerbNG.pdf

1.0-RC3 will be available in near future.

-- 
Pawel Jakub Dawidek                       [EMAIL PROTECTED]
UNIX Systems Programmer/Administrator     http://garage.freebsd.pl
Am I Evil? Yes, I Am!                     http://cerber.sourceforge.net
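
The redirect idea from the quoted message, as an added userspace model that is not part of the thread, not kernel code and not CerbNG code: a per-process vector carries a pre-syscall hook that rewrites a disallowed call's number to a slot whose handler only returns EPERM. Only the names `sv_sysent` and `sv_prepsyscall` come from the message; the struct layout, the hook signature, the four-entry table and the policy mask are simplified assumptions.

```c
#include <errno.h>
#include <stdio.h>

#define NSYS 4               /* constructed four-entry syscall table */
#define SYS_DENIED NSYS      /* extra slot whose handler only fails */

typedef int (*sy_call_t)(long arg);
struct sysentvec {           /* simplified model, not the kernel's struct */
    const sy_call_t *sv_table;
    void (*sv_prepsyscall)(unsigned pid, unsigned *code);
};
struct proc { unsigned pid; const struct sysentvec *sv_sysent; };

static int sys_nop(long a)    { (void)a; return 0; }
static int sys_echo(long a)   { return (int)a; }
static int sys_denied(long a) { (void)a; return -EPERM; }
static const sy_call_t table[NSYS + 1] =
    { sys_nop, sys_echo, sys_nop, sys_echo, sys_denied };

static unsigned allowed_mask = 1u << 0;  /* policy: only syscall 0 allowed */
static unsigned denied_count;            /* the module's record of denials */

/* Hook: cancel a disallowed call by rewriting its number. */
static void restrict_prepsyscall(unsigned pid, unsigned *code)
{
    if (!(allowed_mask & (1u << *code))) {
        fprintf(stderr, "pid %u: denied syscall %u\n", pid, *code);
        denied_count++;
        *code = SYS_DENIED;
    }
}

static const struct sysentvec default_sv    = { table, NULL };
static const struct sysentvec restricted_sv = { table, restrict_prepsyscall };

/* Dispatcher: range-check the caller's number, run the hook, then call. */
static int do_syscall(const struct proc *p, unsigned code, long arg)
{
    if (code >= NSYS)
        return -ENOSYS;
    if (p->sv_sysent->sv_prepsyscall)
        p->sv_sysent->sv_prepsyscall(p->pid, &code);
    return p->sv_sysent->sv_table[code](arg);
}

int main(void)
{
    struct proc a = { 100, &default_sv }, b = { 200, &restricted_sv };
    printf("%d %d\n", do_syscall(&a, 1, 7), do_syscall(&b, 1, 7));
    return 0;
}
```

Because the hook changes only the call number, the dispatcher needs no special denial path; the restricted process sees an ordinary error return.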