From: Pawel Jakub Dawidek
To: Steffen Mazanek
Cc: freebsd-hackers@freebsd.org
Date: Tue, 8 Apr 2003 21:27:19 +0200
Subject: Re: Idea related to UNIX directories
Message-ID: <20030408192718.GP1280@garage.freebsd.pl>
In-Reply-To: <86vfxpmov5.fsf@pseiko.studfb.unibw-muenchen.de>

On Tue, Apr 08, 2003 at 09:26:22AM +0200, Steffen Mazanek wrote:
+> I think it would be quite useful to allow some
+> code to be related to e.g. the i-nodes of directories.
+> Consider therefore an example. At first, all
+> directories have a default assignment to save
+> memory. This default assignment may realize
+> permission related stuff. Now some privileged users
+> have the permission to add their own code, which
+> must implement an interface and some standard
+> functions and in addition they are able to trigger
+> some events, e.g. write something to a log-file
+> whenever a user enters the directory or start
+> an application.
+>
+> What do you think about this idea? Is it feasible
+> at all?

You can try CerbNG, it provides much more than you want.

	http://cerber.sourceforge.net

There is a policy that provides logging of execve() calls with arguments
and all interesting process information:

	http://cerber.sourceforge.net/policies/log-exec.cb

You can write a policy that will log interesting events with some prefix,
and write a program that will catch those logs and handle the caught event.

If you give me some examples I could help you to write suitable policies.

-- 
Pawel Jakub Dawidek                       pawel@dawidek.net
UNIX Systems Programmer/Administrator     http://garage.freebsd.pl
Am I Evil? Yes, I Am!                     http://cerber.sourceforge.net
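
A sketch of the log-catching program suggested in the reply above, added here as an example; it is not part of the original message and not CerbNG code. The `CERB-EVT` tag, the key=value field layout, the `/kernel:` syslog header and the sample lines are all assumptions made for illustration. It accepts the tag only directly after the syslog header, so text inside a logged argument cannot pass as an event.

```python
import re
import shlex
# Assumptions: events reach syslog as "<date> <host> /kernel: <message>", and
# the policy starts each message with PREFIX followed by key=value fields.
PREFIX = "CERB-EVT"  # hypothetical tag chosen when writing the policy
LINE_RE = re.compile(
    r"^\w{3} [ \d]\d \d\d:\d\d:\d\d \S+ /kernel: " + re.escape(PREFIX) + r" (.*)$"
)

def parse_event(line):
    """Return the event's fields as a dict, or None if the line is not a valid event."""
    # The tag must follow the syslog header directly. Searching for it anywhere
    # in the line would accept a forged event carried inside a logged argument.
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    try:
        tokens = shlex.split(m.group(1))
    except ValueError:  # unbalanced quote: malformed, drop it
        return None
    fields = {}
    for tok in tokens:
        key, sep, value = tok.partition("=")
        if not sep or not key or key in fields:  # bare word or repeated key
            return None
        fields[key] = value
    return fields if "type" in fields else None

def dispatch(lines, handlers):
    """Run handlers[type] on every valid event and collect the results."""
    results = []
    for line in lines:
        ev = parse_event(line)
        if ev is not None and ev["type"] in handlers:
            results.append(handlers[ev["type"]](ev))
    return results

def on_exec(ev):
    return (ev.get("uid"), ev.get("path"), ev.get("args"))

# Constructed sample lines, not real CerbNG output.
SAMPLE = [
    'Apr  8 21:27:19 gw /kernel: CERB-EVT type=exec uid=1001 path=/bin/ls args="ls -l /tmp"',
    'Apr  8 21:27:20 gw /kernel: exec uid=1002 args="echo CERB-EVT type=exec uid=0"',
    'Apr  8 21:27:21 gw sshd[88]: CERB-EVT type=exec uid=0 path=/bin/sh',
    'Apr  8 21:27:22 gw /kernel: CERB-EVT type=exec uid=1001 args="unterminated',
    'Apr  8 21:27:23 gw /kernel: CERB-EVT type=exec uid=1001 path=/bin/ls uid=0',
]
print(dispatch(SAMPLE, {"exec": on_exec}))
```

Only the first sample line is handled: the others carry the tag inside an argument, come from a non-kernel source, have an unbalanced quote, or repeat a key.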