Home » Forums » Linux » Linux kernel

VFS function hook

Submitted by ricardomcm
on May 7, 2009 - 3:27pm

hi folks, i'm trying to hook a function of the VFS, in order to hide a file in the filesystem
(actually a directory, containing some sensitive stuff)
i've read some papers that i found on google, even rootkit sources such as adore-ng
however they seem not to work under recent kernels

here is what i'm trying to do:

struct file *f;

f = filp_open(root_fs,O_RDONLY,0); /* root_fs is declared as "/" */

/* backup the original readdir */
original_readdir = f->f_op->readdir;

/*the hook */
f->f_op->readdir = my_readdir;

now the error from make...

error: assignment of read-only location *f->f_op?

i can't figure out the problem, it is a GCC bug or what?
any clue on ??

Tnks.

‹ How to debug an embedded linux Kernel disk cache configuration ›

standard

strcmp
on
May 8, 2009 - 5:30am

gcc perfectly implements the features of the 20 years old C standard. how is this a bug?

i don't know if it is a GCC

ricardomcm
on
May 8, 2009 - 6:52am

i don't know if it is a GCC bug, that's why i'm asking...
however there are old versions that do not give us an error with this code, instead it shows only a warning:

=/

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.