From owner-freebsd-security Tue Jan 18 13:44:11 2000
Delivered-To: freebsd-security@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44])
    by hub.freebsd.org (Postfix) with ESMTP id 57CA7151E5
    for ; Tue, 18 Jan 2000 13:43:50 -0800 (PST)
    (envelope-from Cy.Schubert@uumail.gov.bc.ca)
Received: (from daemon@localhost)
    by point.osg.gov.bc.ca (8.8.7/8.8.8) id NAA28330;
    Tue, 18 Jan 2000 13:43:39 -0800
Received: from passer.osg.gov.bc.ca(142.32.110.29)
    via SMTP by point.osg.gov.bc.ca, id smtpda28327; Tue Jan 18 13:43:28 2000
Received: (from uucp@localhost)
    by passer.osg.gov.bc.ca (8.9.3/8.9.1) id NAA09877;
    Tue, 18 Jan 2000 13:43:27 -0800 (PST)
Message-Id: <200001182143.NAA09877@passer.osg.gov.bc.ca>
Received: from localhost.osg.gov.bc.ca(127.0.0.1), claiming to be "passer.osg.gov.bc.ca"
    via SMTP by localhost.osg.gov.bc.ca, id smtpdYB9873; Tue Jan 18 13:43:16 2000
X-Mailer: exmh version 2.1.1 10/15/1999
Reply-To: Cy Schubert - ITSD Open Systems Group
X-OS: FreeBSD 3.4-RELEASE
X-Sender: cschuber
To: Sheldon Hearn
Cc: Cy Schubert - ITSD Open Systems Group, Omachonu Ogali, Adam, Will Andrews, freebsd-security@FreeBSD.ORG
Subject: Re: Parent Logging Patch for sh(1)
In-reply-to: Your message of "Tue, 18 Jan 2000 22:15:05 +0200." <15540.948226505@axl.noc.iafrica.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 18 Jan 2000 13:43:07 -0800
From: Cy Schubert
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <15540.948226505@axl.noc.iafrica.com>, Sheldon Hearn writes:
>
>
> On Tue, 18 Jan 2000 08:05:15 PST, Cy Schubert - ITSD Open Systems Group wrote:
>
> > If I may offer a half-baked idea: Why not a kernel module that
> > implements the access list at execve(2) for any shell or binary.
>
> Did you take a look at the spy(4) module, URLs for which I posted
> earlier in this thread? Somewhere between abial's and rwatson's work
> lies a solution.

:-) I noticed your comment in a posting following (in sequence #) the
note I replied to. Having had a cursory look at it, it looks
interesting. It reminds me of Tru64-UNIX's audit log or MVS's SMF.

I'm not running -current, though I'm preparing my X server machine
(486DX/33 -- picked up a couple of small SCSI drives for free) as a
testbed to test -current on older hardware. I can check it out then.

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Sun/DEC Team, UNIX Group    Internet:  Cy.Schubert@uumail.gov.bc.ca
ITSD
Province of BC
                      "e**(i*pi)+1=0"