Date:      Fri, 18 Oct 2002 20:29:50 +0200
From:      Pawel Jakub Dawidek <nick@garage.freebsd.pl>
To:        Ramkumar Chinchani <rc27@cse.Buffalo.EDU>
Cc:        hackers@freebsd.org
Subject:   Re: tracing exec system call
Message-ID:  <20021018182950.GQ80034@garage.freebsd.pl>
In-Reply-To: <200210172213.g9HMDO423357@pollux.cse.buffalo.edu>
References:  <200210172213.g9HMDO423357@pollux.cse.buffalo.edu>

On Thu, Oct 17, 2002 at 06:13:24PM -0400, Ramkumar Chinchani wrote:
+> 
+> What would be the best way to *capture* the execv system call at its entry point
+> from user space? ptrace()?
+> 
+> What would be a good way to inspect the command line args to execv *after* the
+> path, etc., has been resolved? 
+> 
+> This is useful if one wants to monitor a process and all the system calls it makes and then disallow a few of them if suspicious.

Take a look at:

	http://cerber.sourceforge.net

If you want to monitor only execve(), then the rexec project should be enough.

-- 
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.

