Date: Wed, 15 Oct 1997 12:51:24 -0400 (EDT)
From: Brian Mitchell <brian@firehouse.net>
To: Niall Smart <njs3@doc.ic.ac.uk>
Cc: c@doc.ic.ac.uk, hackers@freebsd.org
Subject: Re: Question about file opens
Message-ID: <Pine.BSI.3.95.971015125044.7274A-100000@shell.firehouse.net>
In-Reply-To: <E0xLWYH-0007cs-00@oak73.doc.ic.ac.uk>

On Wed, 15 Oct 1997, Niall Smart wrote:

> > On Wed, 15 Oct 1997, Charles Green wrote:
> >
> > > For a project I'm working on we're interested in tracking file opens,
> > > and are interested in the best way of tracking them. Any ideas? Or is it
> > > impossible without modifying the kernel?
> >
> > There are two ways, auditing (which FreeBSD doesn't have yet - see
> > http://shell.firehouse.net/~brian/bsdc2audit for preliminary driver) or
> > modifying the libc stubs. You could also use a preloaded shared lib to do
> > it without rebuilding libc, if you wanted to.
>
> It's probably worth noting that if the auditing is for security-related
> purposes then modifying the libc stubs is worse than useless because
> the system calls can be called directly by the hacker without libc.
>
> Niall
>

Yes. I'm assuming the original poster is not needing to do this for
security related purposes, but rather for debugging purposes.
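
The point made in this thread, as an added example that is not part of the original messages: a function carrying the libc name `open` logs every caller that goes through the stub, while a direct `syscall()` reaches the kernel without being logged. It assumes a system that provides `SYS_openat` and `AT_FDCWD`; the helper names and the counter are hypothetical.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE             /* for syscall() under strict -std modes */
#endif
#include <fcntl.h>
#include <stdarg.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

static int logged_opens;        /* number of opens the hook has seen */

/* Same name and signature as the libc stub, so callers bind to it first:
 * here because it lives in the executable, in a preloaded shared library
 * because that library is searched before libc. */
int open(const char *path, int flags, ...)
{
    int mode = 0;
    if (flags & O_CREAT) {      /* the mode argument exists only with O_CREAT */
        va_list ap;
        va_start(ap, flags);
        mode = va_arg(ap, int);
        va_end(ap);
    }
    logged_opens++;
    fprintf(stderr, "open(\"%s\", 0x%x)\n", path, (unsigned)flags);
    /* Enter the kernel the way a libc stub does (assumed: SYS_openat). */
    return (int)syscall(SYS_openat, AT_FDCWD, path, flags, mode);
}

/* Caller that uses the libc name: the hook sees it. */
int open_via_stub(const char *path) { return open(path, O_RDONLY); }

/* Caller that skips libc: same kernel entry point, no log line. */
int open_via_raw_syscall(const char *path)
{
    return (int)syscall(SYS_openat, AT_FDCWD, path, O_RDONLY, 0);
}

int hook_count(void) { return logged_opens; }

int main(void)
{
    int a = open_via_stub("/dev/null");
    int b = open_via_raw_syscall("/dev/null");
    printf("fds %d and %d opened, hook logged %d\n", a, b, hook_count());
    if (a >= 0) close(a);
    if (b >= 0) close(b);
    return 0;
}
```

Both descriptors are valid but only one open is logged, which is why the hook suits debugging and not auditing; an audit record has to be produced on the kernel side of the system call boundary.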