Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cornell!rochester!rutgers!att!ulysses!andante!alice!debra
From: debra@alice.UUCP (Paul De Bra)
Newsgroups: comp.unix.wizards
Subject: Re: syscall(2) function
Keywords: syscall, not system calls
Message-ID: <8984@alice.UUCP>
Date: 28 Feb 89 19:17:48 GMT
References: <3740@ucdavis.ucdavis.edu>
Reply-To: debra@alice.UUCP ()
Distribution: usa
Organization: AT&T, Bell Labs
Lines: 26

In article <3740@ucdavis.ucdavis.edu> kerchen@iris.ucdavis.edu (Paul Kerchen) writes:
>Hello all!
>Currently I'm researching computer viruses here at UCD and I have
>encountered an interesting question (at least I think it's
>interesting): Is the system call "syscall()" necessary?...
>... Also, I am looking for *real* examples, not contrived
>ones with no basis in reality.

A *real* example can be found in the EUUG UUCP source.
Uucp used to create *lots* of files in /usr/spool/uucp. It is more
convenient to distribute these files among several directories, as
modern uucp's do. What this uucp does is modify names like
"D.systemXXXX" into "D.system/XXXX" or something.

The way this works is as follows:
1) the source code for uucp is not modified.
2) a new routine "open()" is written, which modifies the "D.systemXXXX"
   into "D.system/XXXX", and then calls syscall() with the right
   parameters to do the real open().

By having your own open() routine there is no way to access the real
open() system call any more, so they use syscall instead.

Paul.
--
------------------------------------------------------
|debra@research.att.com   |   uunet!research!debra   |
------------------------------------------------------
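
The interposition described in the post above, as an added example that is not part of the original post and is not the EUUG UUCP source. It assumes a modern Linux system (so the raw call is made as `SYS_openat`), a four-character "XXXX" suffix, and a hypothetical helper named `map_spool_name`.

```c
/* Added illustration: a replacement open() that rewrites spool names. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#define SEQ_LEN 4   /* assumed length of the trailing "XXXX" part */

/* Hypothetical helper: rewrite a basename "D.<system><XXXX>" to
 * "D.<system>/<XXXX>"; any other name is copied unchanged.
 * Returns 0 on success, -1 if the result does not fit in out. */
int map_spool_name(const char *path, char *out, size_t outsz)
{
    const char *slash = strrchr(path, '/');
    const char *base = slash ? slash + 1 : path;
    size_t len = strlen(base);
    int n;

    if (strncmp(base, "D.", 2) != 0 || len <= 2 + SEQ_LEN)
        n = snprintf(out, outsz, "%s", path);
    else
        n = snprintf(out, outsz, "%.*s/%s",
                     (int)(strlen(path) - SEQ_LEN), path, base + len - SEQ_LEN);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* Same name as the libc wrapper, so unmodified callers link against this
 * one. The libc open() is now shadowed; the kernel is reached via syscall(). */
int open(const char *path, int flags, ...)
{
    char mapped[4096];
    int mode = 0;

    if (flags & O_CREAT) {          /* mode is only passed with O_CREAT */
        va_list ap;
        va_start(ap, flags);
        mode = va_arg(ap, int);
        va_end(ap);
    }
    if (map_spool_name(path, mapped, sizeof mapped) != 0) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return (int)syscall(SYS_openat, AT_FDCWD, mapped, flags, mode);
}
```

The same symbol shadowing is why a reviewer auditing a binary checks for locally defined copies of libc entry points: every caller in the program silently goes through the replacement.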