From owner-freebsd-security  Tue Jan 18 12:17:23 2000
Delivered-To: freebsd-security@freebsd.org
Received: from axl.noc.iafrica.com (axl.noc.iafrica.com [196.31.1.175])
	by hub.freebsd.org (Postfix) with ESMTP id 1B9E51500B
	for <freebsd-security@freebsd.org>; Tue, 18 Jan 2000 12:17:15 -0800 (PST)
	(envelope-from sheldonh@axl.noc.iafrica.com)
Received: from sheldonh (helo=axl.noc.iafrica.com)
	by axl.noc.iafrica.com with local-esmtp (Exim 3.11 #1)
	id 12Af1t-00042f-00; Tue, 18 Jan 2000 22:15:05 +0200
From: Sheldon Hearn <sheldonh@uunet.co.za>
To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc: Omachonu Ogali <oogali@intranova.net>, Adam <bsdx@looksharp.net>,
	Will Andrews <andrews@TECHNOLOGIST.COM>, freebsd-security@FreeBSD.ORG
Subject: Re: Parent Logging Patch for sh(1) 
In-reply-to: Your message of "Tue, 18 Jan 2000 08:05:15 PST."
             <200001181605.IAA48520@cwsys.cwsent.com> 
Date: Tue, 18 Jan 2000 22:15:05 +0200
Message-ID: <15540.948226505@axl.noc.iafrica.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org



On Tue, 18 Jan 2000 08:05:15 PST, Cy Schubert - ITSD Open Systems Group wrote:

>     If I may offer a half-baked idea:  Why not a kernel module that
>     implements the access list at execve(2) for any shell or binary.

Did you take a look at the spy(4) module, URLs for which I posted
earlier in this thread?  Somewhere between abial's and rwatson's work
lies a solution. :-)

Ciao,
Sheldon.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message