Date: Fri, 9 Jul 1999 12:20:05 -0400 (EDT)
From: Garrett Wollman
Message-Id: <199907091620.MAA16574@khavrinen.lcs.mit.edu>
To: Nate Williams
Cc: Robert Watson, Darren Reed, Ben Gras, freebsd-security@FreeBSD.ORG
Subject: Re: how to keep track of root users?
In-Reply-To: <199907091609.KAA06341@mt.sri.com>
References: <199907081645.KAA29163@mt.sri.com> <199907091609.KAA06341@mt.sri.com>

< said:

>> The problem raised here again, of course, is the copyin of string
>> arguments.

> Does anyone else have any ideas?

Add auditing data in struct nameidata, and continue to track the
information inside of namei.

> I don't think this will work, simply because how do we differentiate
> between different syscalls that will eventually be running in parallel in
> the kernel?

They will be running in different execution contexts (i.e., processes,
at least in the CS-theoretic sense).

> I believe there is a trade-off that allows us to somehow 'reduce'
> creation of records with a simple filtering scheme that should be much
> more efficient than generating records that the benefits are easily
> seen.

BAF (``Berkeley auditing filter'')

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick