Date: Fri, 18 Oct 2002 20:29:50 +0200
From: Pawel Jakub Dawidek <nick@garage.freebsd.pl>
To: Ramkumar Chinchani <rc27@cse.Buffalo.EDU>
Cc: hackers@freebsd.org
Subject: Re: tracing exec system call
Message-ID: <20021018182950.GQ80034@garage.freebsd.pl>
In-Reply-To: <200210172213.g9HMDO423357@pollux.cse.buffalo.edu>
References: <200210172213.g9HMDO423357@pollux.cse.buffalo.edu>

On Thu, Oct 17, 2002 at 06:13:24PM -0400, Ramkumar Chinchani wrote:
+>
+> What would be the best way to *capture* the execv system call at its entry point
+> from user space? ptrace()?
+>
+> What would be a good way to inspect the command line args to execv *after* the
+> path, etc., has been resolved?
+>
+> This is useful if one wants to monitor a process and all the system calls it makes and then disallow a few of them if suspicious.

Take a look at:

http://cerber.sourceforge.net

If you want to monitor only execve(), then the rexec project should be enough.

--
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.