Date: Tue, 18 Jan 2000 13:43:07 -0800 From: Cy Schubert <cschuber@uumail.gov.bc.ca> To: Sheldon Hearn <sheldonh@uunet.co.za> Cc: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>, Omachonu Ogali <oogali@intranova.net>, Adam <bsdx@looksharp.net>, Will Andrews <andrews@TECHNOLOGIST.COM>, freebsd-security@FreeBSD.ORG Subject: Re: Parent Logging Patch for sh(1) Message-ID: <200001182143.NAA09877@passer.osg.gov.bc.ca> In-Reply-To: Your message of "Tue, 18 Jan 2000 22:15:05 %2B0200." <15540.948226505@axl.noc.iafrica.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <15540.948226505@axl.noc.iafrica.com>, Sheldon Hearn writes:
>
>
> On Tue, 18 Jan 2000 08:05:15 PST, Cy Schubert - ITSD Open Systems Group wrote
> :
>
> > If I may offer a half-baked idea: Why not a kernel module that
> > implements the access list at execve(2) for any shell or binary.
>
> Did you take a look at the spy(4) module, URLs for which I posted
> earlier in this thread? Somewhere between abial's and rwatson's work
> lies a solution. :-)
I noticed your comment in a posting following (in sequence #) the note
I replied to.
Having had a cursory look at it, it looks interesting. It reminds me
of Tru64-UNIX's audit log or MVS's SMF. I'm not running -current,
though I'm preparing my X server machine (486DX/33 -- picked up a
couple of small SCSI drives for free) as a testbed to test -current on
older hardware. I can check it out then.
Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Sun/DEC Team, UNIX Group Internet: Cy.Schubert@uumail.gov.bc.ca
ITSD
Province of BC
"e**(i*pi)+1=0"
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001182143.NAA09877>