Solved

Modifying data before sending them

Posted on 2006-11-22
9
173 Views
Last Modified: 2010-03-18
Hello,

I'm currently working on a project which requires me to modify data an application wants to send over the network. My goal is to do this in a transparent way, therefore no modification whatsoever should take place in the application. My solution would normally be in the form of a module for the kernel (2.6.x series). My project is actually an extension of someone else's work which apparently uses the Linux Security Modules, the network hooks. From what I read, these modules are only used for access control policies enforcement, so the only control I have over the sockets is allowing or refusing different actions, such as creation, connection, transmission, etc. Therefore, it doesn't seem possible to alter the data that the application wants to send.

For the moment, I only see one alternative, modifying the sockets themselves. Although my implementation has only a "show it's feasible" purpose, I would prefer a "cleaner" way to deal with this. Moreover, it would be much better if I could actually extend the previous work that has been undertaken by another person, instead of just starting from scratch.

As I said before, my goal is to make this completely transparent for the applications.

Do you have any suggestion on that matter ? Any good reference (book, article, website) would be greatly appreciated too. Don't hesitate to ask for further information if you find it necessary.

Thanks in advance for your time.

acp
0
Comment
Question by:aCp
  • 4
  • 2
9 Comments
 
LVL 6

Expert Comment

by:_iskywalker_
ID: 17995458
i would suggest you could do a library, so you can rewrite socket, and send_data. you could also see how ethereal reads the data send, maybe
you can change this way the data, making a module is maybe not possible, since you must put the module between others modules, abnd maybe some modules can not make modules (they must be in the kernel). Making a library for sending and receiving would bethe cleanest way.
0
 
LVL 1

Author Comment

by:aCp
ID: 17995522
Hi there,

by developing a library I fail to complete one of my goals, which is to avoid modification of all applications. A module is indeed not possible for the moment, at least I think it is, except if the security hooks of LSM allow such a task.

Therefore it seems more suitable to modify the socket code directly in the kernel.
0
 
LVL 6

Accepted Solution

by:
_iskywalker_ earned 125 total points
ID: 17995567
you dont need to modify all applications, you need only to change the send command on the libraries (all applications use libraries, so modiufying libraries you wont modify the application, e.g.  normally (if your arent in assembler) the applications use  libc.so.6 so modifiing libc.so.6 will make your job (ldd program name tells you which libraries are used for the program).
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 1

Author Comment

by:aCp
ID: 17995568
By the way, I forgot something. You talked about ethereal (called wireshark now btw :), but the problem is that (as iptables actually), it intervenes only before actual emission of the data, so between data and physical layers if I'm not mistaken. Since I want to alter data (let's say I want to add something to the sent data), doing that after the transport or network layer would considerably make my life harder (just consider fragmentation for instance)...

This is why I strongly believe that the whole thing should be between application and transport layer.
0
 
LVL 1

Author Comment

by:aCp
ID: 17995665
Oh ok, now I see what you mean. My knowledge is somewhat restricted in that area, so I have two questions regarding this approach :

1) Do all applications that are susceptible to send data over a network rely on libc for doing so ? From what I know so far, they might rely on some other library, but the latter can be finally using libc. Am I right in this last assumption ?

2) Libraries are not my forte, but for having played a bit with some a couple of years ago, I recall that a modification in the core of a function (let's take send as an example) could lead to a change in the ABI. Therefore, recompilation of programs linked to this library is needed. Would this be the case here ? I mean, how much "freedom" do I have in modifying the send function without needing to recompile application using it ?

Last but not least, although I'm interested in taking this alternative further, I forgot to mention that there is a external constraint that will most probably push me to work in the kernel. However, the feasability of such a solution is very interesting. Who knows, maybe it might be even better than dealing with the kernel...

Thanks for baring with me on this one...

acp
0
 
LVL 1

Author Comment

by:aCp
ID: 18014574
No other opinions/advices ?

What about sources of information on that field ?

Thanks,
aCp
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now