Firewall Wizards mailing list archives

Re: syscall wrappers (was Re: chroot useful?)


From: George Ross <gdmr () dcs ed ac uk>
Date: Tue, 18 Nov 1997 09:52:06 +0000

... Nicer still would be to integrate
the facility down in the kernel proper, on the far side of the syscall
interface; rather than wrapping the syscalls in libc, actually indirect
them on the far side of the syscall interface so the original
(unwrapped) syscalls aren't available through any calling interface in
the client program. ...

I remember doing this a few years ago to a lab of Sun 3/50 machines running SunOS 4.0.3.  The system call vector was 
one of the kernel files distributed in source form, so I was able to fix chmod, fchmod and umask (I think that was the 
lot) so that they returned EPERM unless the caller's group ID was below a certain threshold.  And that, together with 
0700-mode home directories, quotas on /tmp and /usr/tmp, and a primitive kind of rlogin wrapper, was enough to bring 
the incidence of hacking down from huge to zero -- it was remarkably effective.

Back then, of course, 3/50s were new and exciting (well, sort of...).  A couple of years later the University had 
installed some much more desirable machines, and our labs weren't nearly such tempting hacker targets.

-- 
Dr George D M Ross, Department of Computer Science, University of Edinburgh
       Kings Buildings, Mayfield Road, Edinburgh, Scotland, EH9 3JZ
Mail: gdmr () dcs ed ac uk   Voice: +44 131 650 5147   Fax: +44 131 667 7209
   PGP: 1024/B74A4F7D  14 E8 B3 00 20 04 68 F8  95 40 CB 36 A4 D4 FA 90
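The in-kernel interposition described in the message above, modelled as an added example in C (this is not George Ross's code and not SunOS source): a syscall vector whose chmod, fchmod and umask entries are swapped for gated versions that return EPERM unless the caller's group ID is below a threshold. The threshold (100), the syscall numbers, the per-process struct and the in-memory file-mode table are all assumptions made for illustration; the point the model shows is that once the table entries are replaced, every client-side calling convention (libc wrapper or a hand-rolled trap instruction) goes through the same dispatch and cannot reach the unwrapped handlers.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

#define PRIV_GID_THRESHOLD 100   /* assumed cut-off: GIDs below this may change modes */
#define NFILES 4
#define NSYSCALLS 8

/* Simulated kernel-side process state (a real kernel reads the current proc). */
struct proc { gid_t gid; mode_t umask; };

/* Simulated inode modes, indexed by a small file number standing in for a path or fd. */
static mode_t file_modes[NFILES] = { 0644, 0644, 0600, 0755 };

/* Uniform argument block, as the trap handler would marshal it.
 * Handlers return 0 (or a value) on success and -errno on failure. */
struct sysargs { long a0; long a1; };
typedef long (*syscall_fn)(struct proc *, const struct sysargs *);

/* Original handlers. They stay static, so once the vector is patched the only
 * route to them from user space is through the gated wrappers below. */
static long sys_chmod(struct proc *p, const struct sysargs *a)
{
    (void)p;
    if (a->a0 < 0 || a->a0 >= NFILES) return -ENOENT;
    file_modes[a->a0] = (mode_t)a->a1 & 07777;
    return 0;
}
static long sys_fchmod(struct proc *p, const struct sysargs *a)
{
    (void)p;
    if (a->a0 < 0 || a->a0 >= NFILES) return -EBADF;
    file_modes[a->a0] = (mode_t)a->a1 & 07777;
    return 0;
}
static long sys_umask(struct proc *p, const struct sysargs *a)
{
    long old = (long)p->umask;
    p->umask = (mode_t)a->a0 & 0777;
    return old;
}

/* The gate: refuse unless the caller's group is below the threshold. */
static long gated(syscall_fn orig, struct proc *p, const struct sysargs *a)
{
    if (p->gid >= PRIV_GID_THRESHOLD) return -EPERM;
    return orig(p, a);
}
static long gated_chmod(struct proc *p, const struct sysargs *a)  { return gated(sys_chmod, p, a); }
static long gated_fchmod(struct proc *p, const struct sysargs *a) { return gated(sys_fchmod, p, a); }
static long gated_umask(struct proc *p, const struct sysargs *a)  { return gated(sys_umask, p, a); }

/* Syscall numbers are arbitrary here, not SunOS's real ones. */
enum { SYS_CHMOD = 1, SYS_FCHMOD = 2, SYS_UMASK = 3 };
static syscall_fn syscall_table[NSYSCALLS];

/* "Boot time": point the vector entries at the gated versions. */
void install_gated_syscalls(void)
{
    syscall_table[SYS_CHMOD]  = gated_chmod;
    syscall_table[SYS_FCHMOD] = gated_fchmod;
    syscall_table[SYS_UMASK]  = gated_umask;
}

/* The trap entry point: libc wrappers and hand-rolled trap instructions alike
 * land here, so the gate cannot be bypassed by choosing a different calling
 * convention in the client program. */
long syscall_dispatch(struct proc *p, unsigned nr, long a0, long a1)
{
    struct sysargs a = { a0, a1 };
    if (nr >= NSYSCALLS || syscall_table[nr] == NULL) return -ENOSYS;
    return syscall_table[nr](p, &a);
}

/* Run one syscall as a fresh process with the given gid and a default 022 umask. */
long run_as(gid_t gid, unsigned nr, long a0, long a1)
{
    struct proc p = { gid, 022 };
    return syscall_dispatch(&p, nr, a0, a1);
}

mode_t current_mode(int file) { return file_modes[file]; }

int main(void)
{
    install_gated_syscalls();
    printf("student (gid 5000) chmod -> %ld, mode still %o\n",
           run_as(5000, SYS_CHMOD, 2, 0777), (unsigned)current_mode(2));
    printf("staff   (gid 10)   chmod -> %ld, mode now %o\n",
           run_as(10, SYS_CHMOD, 2, 0777), (unsigned)current_mode(2));
    printf("student umask -> %ld\n", run_as(5000, SYS_UMASK, 077, 0));
    return 0;
}
```

Note that the gate returns EPERM from umask as well, which ordinarily cannot fail; that matches what the message says was done, and programs that assume umask always succeeds will simply keep the default mask.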