From owner-freebsd-hackers  Thu Jul 12  8: 9:12 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id 4405037B401
	for <freebsd-hackers@FreeBSD.ORG>; Thu, 12 Jul 2001 08:09:08 -0700 (PDT)
	(envelope-from arr@watson.org)
Received: from localhost (arr@localhost)
	by fledge.watson.org (8.11.4/8.11.4) with SMTP id f6CF8X506674;
	Thu, 12 Jul 2001 11:08:41 -0400 (EDT)
	(envelope-from arr@watson.org)
Date: Thu, 12 Jul 2001 11:08:32 -0400 (EDT)
From: "Andrew R. Reiter" <arr@watson.org>
To: Andrzej Bialecki <abial@webgiro.com>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: [ANNOUNCE] SPY-1.1 - syscall monitoring kernel module
In-Reply-To: <Pine.LNX.4.21.0107110134280.28963-100000@mimer.webgiro.com>
Message-ID: <Pine.NEB.3.96L.1010712110625.6648A-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

I'd really be interested in the results from the kernel security BoF from
USENIX (sine I missed it) and seeing how we can apply any of the resultant
ideas into SPY, ie. utilize interfaces or styles.

Anyone know where we could find the BoF information? Robert?

Andrew


On Wed, 11 Jul 2001, Andrzej Bialecki wrote:

> Hi,
> 
> I just uploaded an updated version of the SPY, which is a kernel module
> that allows to selectively monitor and/or block execution of any
> syscalls. This version works on relatively current -CURRENT (after the
> struct proc changes). You can get it from:
> 
> 	http://people.freebsd.org/~abial
> 
> See also the detailed description there.
> 
> I should be able also to provide a version for 4-STABLE soon, depending on
> my time and availability of the machine...
> 
> Enjoy!
> 
> -- 
> 
> Andrzej
> 
> // ----------------------------------------------------------------
> // Andrzej Bialecki <abial@webgiro.com>, Chief System Architect
> // WebGiro AB, Sweden (http://www.webgiro.com)
> // ----------------------------------------------------------------
> // <abial@freebsd.org> FreeBSD developer (http://www.freebsd.org)
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
> 

*-------------.................................................
| Andrew R. Reiter 
| arr@fledge.watson.org
| "It requires a very unusual mind
|   to undertake the analysis of the obvious" -- A.N. Whitehead


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message