Date: Mon, 6 Aug 2001 19:11:20 +0000 (UTC)
From: naddy@mips.inka.de (Christian Weisgerber)
To: freebsd-security@freebsd.org
Subject: Re: Tracing writes?
Message-ID: <9kmq4o$185l$1@kemoauc.mips.inka.de>
References: <9km9fr$1sb$1@kemoauc.mips.inka.de> <20010806124632.G2134@futuresouth.com>

Matthew D. Fuller <fullermd@futuresouth.com> wrote:

> > You see that a file is written to.  How do you figure out where the
> > write() is coming from?
>
> There may not be a write().

True, but if there is, how to find it?

> There was at some time in the past a bug in the VM system that would
> cause mtimes to be updated because of (from memory) dirtied pages in the
> in-core copy of an executable being flushed back.

Yes, I suspect something like this.

But for the purposes of -security: What ways are there to identify
a rogue process writing to some file it isn't supposed to touch?

--
Christian "naddy" Weisgerber                          naddy@mips.inka.de

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message