From owner-freebsd-audit Thu Dec 2 2:19:26 1999 Delivered-To: freebsd-audit@freebsd.org Received: from mimer.webgiro.com (mimer.webgiro.com [212.209.29.5]) by hub.freebsd.org (Postfix) with ESMTP id E12D914E2D for ; Thu, 2 Dec 1999 02:19:24 -0800 (PST) (envelope-from abial@webgiro.com) Received: by mimer.webgiro.com (Postfix, from userid 66) id 4BCF32DC07; Thu, 2 Dec 1999 11:19:55 +0100 (CET) Received: by mx.webgiro.com (Postfix, from userid 1001) id B2D917813; Thu, 2 Dec 1999 11:15:13 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by mx.webgiro.com (Postfix) with ESMTP id B0AEE10E10; Thu, 2 Dec 1999 11:15:13 +0100 (CET) Date: Thu, 2 Dec 1999 11:15:11 +0100 (CET) From: Andrzej Bialecki To: peter.jeremy@alcatel.com.au Cc: Thomas Stromberg , freebsd-audit@FreeBSD.ORG Subject: Re: Where to start? Heres a few overflows. (smashwidgets) In-Reply-To: <99Dec2.074732est.40322@border.alcanet.com.au> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thu, 2 Dec 1999, Peter Jeremy wrote: > > Whats > >a nice automated way to find out what enviroment variables are used by a > >binary? truss was no help here it seems. > > truss (and ktrace) won't work because the environment is in user space > and doesn't generate any system calls. However, execve() syscall contains full environment passed to a process. You can spy on this syscall e.g. with my SPY module :-) http://www.freebsd.org/~abial/spy/README Andrzej Bialecki // WebGiro AB, Sweden (http://www.webgiro.com) // ------------------------------------------------------------------- // ------ FreeBSD: The Power to Serve. http://www.freebsd.org -------- // --- Small & Embedded FreeBSD: http://www.freebsd.org/~picobsd/ ---- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message