Date:      Mon, 20 Sep 1999 10:36:09 -0600
From:      Nate Williams <nate@mt.sri.com>
To:        "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
Cc:        jobe@attrition.org (Jobe), security@FreeBSD.ORG
Subject:   Re: Real-time alarms
Message-ID:  <199909201636.KAA01106@mt.sri.com>
In-Reply-To: <199909200629.XAA57821@gndrsh.dnsmgr.net>
References:  <Pine.LNX.3.96.990919225507.13128G-100000@forced.attrition.org> <199909200629.XAA57821@gndrsh.dnsmgr.net>

> Myself, I like the idea of how bpf handles the filtering side.  Compile
> up an expression and shove it into the kernel so you minimize copy out
> operations.

FWIW, I agree completely, and actually looked a bit into this.  However,
figuring out how to do that in the as-yet mostly unspecified audit
records is time-consuming.  Let's get it working first, then see what
falls out, including a potential re-write of the entire auditing record
so that 'apf' can be implemented. :)

(As a point of reference, Solaris 'claims' to have kernel level
filtering, but it turns out that it just sets a 'flag' in the audit
record that tells the userland program whether or not the user asked for
this record, so the filtering is done at userland. *blah*)


Nate



