From owner-freebsd-questions@FreeBSD.ORG Sun Apr 5 07:40:59 2009
From: (envelope-from hjung20@illinois.edu)
To: freebsd-questions@FreeBSD.org
Date: Sun, 5 Apr 2009 02:30:53 -0500 (CDT)
Message-Id: <20090405023053.BSQ12123@expms2.cites.uiuc.edu>
Subject: I would like to know about tracing system call in FreeBSD.

Dear,

I have tried to trace system calls using the C language. I would like to detect privilege escalation through tracing system calls. Although FreeBSD announced the patch for the telnet daemon to remove malicious access to escalate privilege, I would like to implement the detecting program. My idea is that if I detect a change in the uid of a process, then I can recognize the privilege escalation. I would like to get a programming guide or documentation on kernel programming for FreeBSD.

Sincerely.
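
The uid-change check described in the message above, as an added example that is not part of the original message: it compares two snapshots of process credentials and flags a process whose real or effective uid became 0. The record layout, the allowlist and the sample snapshots are constructed assumptions; how the snapshots are collected on FreeBSD is left out.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* One credential observation of a process (hypothetical record layout). */
struct cred_obs {
    pid_t pid;
    long start;        /* start time; tells a reused pid from the same process */
    uid_t ruid, euid;
    const char *comm;  /* command name when observed */
};

/* Constructed allowlist: set-uid programs expected to become root. */
static const char *const allow[] = { "su", "sudo", "login" };

static int allowed(const char *comm) {
    for (size_t i = 0; i < sizeof allow / sizeof allow[0]; i++)
        if (strcmp(comm, allow[i]) == 0) return 1;
    return 0;
}

/* Count processes seen in both snapshots (same pid AND start time) whose real
 * or effective uid went from non-root to root and that are not allowlisted. */
int count_escalations(const struct cred_obs *before, size_t nb,
                      const struct cred_obs *after, size_t na) {
    int hits = 0;
    for (size_t i = 0; i < na; i++)
        for (size_t j = 0; j < nb; j++) {
            if (after[i].pid != before[j].pid || after[i].start != before[j].start)
                continue;  /* different process, or the pid was reused */
            int gained = (before[j].euid != 0 && after[i].euid == 0) ||
                         (before[j].ruid != 0 && after[i].ruid == 0);
            if (gained && !allowed(after[i].comm)) {
                printf("ALERT pid %ld (%s) gained root\n", (long)after[i].pid, after[i].comm);
                hits++;
            }
        }
    return hits;
}

/* Constructed sample snapshots: pid, start, ruid, euid, comm. */
static const struct cred_obs snap_before[] = {
    {100, 5000, 1001, 1001, "sh"}, {300, 5200, 1001, 1001, "sh"}, {400, 5300, 1001, 1001, "vi"} };
static const struct cred_obs snap_after[] = {
    {100, 5000, 1001, 0, "sh"},    /* same process, euid now 0: flagged */
    {300, 5200, 1001, 0, "su"},    /* exec of an allowlisted program: ignored */
    {400, 9000, 0, 0, "cron"} };   /* pid 400 reused by a new process: ignored */

int main(void) { return count_escalations(snap_before, 3, snap_after, 3) == 1 ? 0 : 1; }
```

A command name can be set by the process itself, so a monitor built on this idea should allowlist by executable path or file identity rather than by name. Polling also misses changes that happen and revert between two snapshots.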