sorry, I realized my old code was outdated, changed it... But, this also brings on another question... Is there a way to make the syscall table readonly via an LKM? Would it even be logical? grsec for Linux does just that... (except, grsec isn't an LKM)
On Tuesday 09 December 2003 20:06, [EMAIL PROTECTED] wrote: > I remember trying once on a FreeBSD 5.0-RELEASE box an LKM I wrote to > intercept the open() call, yet it didn't work. The same code worked on a > FreeBSD 4.7-RELEASE box. > > What I'm wondering is if FreeBSD 5.x has a readonly syscall table. Or maybe > the ways of changing the syscall table has changed. > > Am I mistaken? > > In not too much importance, but relevant to my question, the reason why I'm > asking, is I was presented to write an IPS (Intrusion Prevention System). > > Thanks for your help, > > Shawn Webb > _______________________________________________ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "[EMAIL PROTECTED]" _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
