Ion writes:
> Andrew Daviel <[EMAIL PROTECTED]> wrote:
> > Is there a good reason why insmod should not call syslog() to log
> > any module that gets installed ?
>
> Simple: you'll have quite a bit of a problem if you are trying to insmod
> the module with support for AF_UNIX sockets. :-)
Why do it from user space? Simply add a printk() to sys_init_module() or
similar. Granted, this will only help until the lusers install a patched
sysklog before installing a backdoor module, but so would the user-space
solution. At least the kernel message will stay in kernel memory until
it is flushed out with more messages (which itself might be detectable).
Cheers, Andreas
--
Andreas Dilger \ "If a man ate a pound of pasta and a pound of antipasto,
\ would they cancel out, leaving him still hungry?"
http://www-mddsp.enel.ucalgary.ca/People/adilger/ -- Dogbert
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
