syscall(2) function

Paul De Bra debra at alice.UUCP
Wed Mar 1 05:17:48 AEST 1989


In article <3740 at ucdavis.ucdavis.edu> kerchen at iris.ucdavis.edu (Paul Kerchen) writes:
>Hello all!
>Currently I'm researching computer viruses here at UCD and I have
>encountered an interesting question (at least I think it's
>interesting):  Is the system call "syscall()" necessary?...
>...  Also, I am looking for *real* examples, not contrived
>ones with no basis in reality.

A *real* example can be found in the EUUG UUCP source.
Uucp used to create *lots* of files in /usr/spool/uucp. It is more
convenient to distribute these files among several directories, as modern
uucp's do. What this uucp does is modify names like "D.systemXXXX" into
"D.system/XXXX" or something. The way this works is as follows:

1) the source code for uucp is not modified.
2) a new routine "open()" is written, which modifies the "D.systemXXXX"
   into "D.system/XXXX", and then calls syscall() with the right
   parameters to do the real open(). By having your own open() routine
   there is no way to access the real open() system call any more, so
   they use syscall instead.

Paul.
-- 
------------------------------------------------------
|debra at research.att.com   | uunet!research!debra     |
------------------------------------------------------
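The technique described in the post above, as an added example that is not part of the original post and is not the EUUG uucp code: a wrapper that rewrites the spool name and then enters the kernel through syscall(). In the scheme described, the wrapper would itself be named open(), which is why it cannot call open(); here it is given the hypothetical name spool_open() so it builds alongside <fcntl.h>. It assumes Linux (SYS_openat) and a four-character sequence suffix.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

#define SEQ_LEN 4  /* assumed length of the trailing "XXXX" part */

/* Map "D.systemXXXX" to "D.system/XXXX"; copy any other name unchanged.
 * Returns 1 if rewritten, 0 if copied as-is, -1 if out is too small. */
int spool_rewrite(const char *name, char *out, size_t outsz)
{
    size_t len = strlen(name);
    int match = strncmp(name, "D.", 2) == 0 && !strchr(name, '/')
                && len > 2 + SEQ_LEN;

    if (len + (match ? 1 : 0) + 1 > outsz)
        return -1;                       /* never truncate a file name */
    if (!match) {
        memcpy(out, name, len + 1);
        return 0;
    }
    size_t head = len - SEQ_LEN;         /* length of "D.system" */
    memcpy(out, name, head);
    out[head] = '/';
    memcpy(out + head + 1, name + head, SEQ_LEN + 1);
    return 1;
}

/* Wrapper (hypothetical name): rewrite, then call the kernel directly. */
int spool_open(const char *name, int flags, mode_t mode)
{
    char path[4096];

    if (spool_rewrite(name, path, sizeof path) < 0) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return (int)syscall(SYS_openat, AT_FDCWD, path, flags, mode);
}

int main(void)
{
    char buf[64];
    spool_rewrite("D.alice0042", buf, sizeof buf);  /* constructed name */
    printf("D.alice0042 -> %s\n", buf);
    return 0;
}
```

Because the wrapper reaches the kernel with syscall(), anything that monitors or restricts file access by hooking the library-level open() does not see this call; only kernel-level auditing does.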


