From: Denis Ducamp [Denis.Ducamp@HSC.FR]
Sent: Monday, May 01, 2000 8:53 PM
To: VULN-DEV@SECURITYFOCUS.COM
Subject: Re: Replacing Kernel Functions via a LKM

On Thu, Apr 27, 2000 at 05:15:27PM -0700, Granquist, Lamont wrote:
> Is there a way to intercept calls to a given function in the kernel via a
> LKM? Specifically I'd like to intercept proc_root_lookup() in
> fs/proc/root.c and replace it with my own procedure. (motivation for doing
> so is left as an exercise to the reader)

That has been described for Linux 2.0 systems:
http://thc.pimmel.com/files/thc/LKM_HACKING.html
written by pragmatic / THC, version 1.0
released 03/1999

Some of those programs have been ported to 2.2.

Then some have been "ported" to FreeBSD:
http://thc.pimmel.com/files/thc/bsdkern.html
written by pragmatic / THC, version 1.0
released 06/1999

And then to Solaris:
http://thc.pimmel.com/files/thc/slkm-1.0.html
Author: Plasmoid / THC
Version 1.0
(c) 1999

Very good jobs, must read.

Denis Ducamp.

--
Denis.Ducamp@hsc.fr -- Hervé Schauer Consultants -- http://www.hsc.fr/