Reputation: 123
In Linux kernel mode, how to execute a user space command
I hook execve in kernel mode(change system_call_table entry __NR_execve to my function). I want to check the ELF's assembly code. If it harmful, I'll return directly without executing it.
I am writing a linux module. In Linux kernel mode, I want to use objdump to disassembly the ELF file. I want to go user mode to execute objdump, and go back to kernel mode. Is this possible? Thank you.
Upvotes: 1
Views: 2734
Answers (1)
Reputation: 14763
Maybe you can split your project into two parts: kernel module and user-space application. So you can hook execve() in kernel, then tell your application about hook triggered, then do disassembling and checking in your application, send computed result back to kernel module, and then either continue or break execve() execution.
If you still want to run objdump from kernel -- check out call_usermodhelper().
See also this related question.
Upvotes: 2
Related Questions
- How can I access the kernel command line from a Linux kernel module?
- Call a userspace function from within a Linux kernel module
- Executing a user-space function from the kernel space
- Running a userspace process in user mode with Linux kernel call_usermodehelper
- call a kernel module function from program at user space
- How can I Execute/Call a user-space defined function from Linux kernel space module?
- Execute shell command in kernel module
- How to call a function defined in a kernel module from a user space program
- How to call a self-defined Kernel function in the user space?
- How to execute shell command in kernel programming?