Date: Sun, 05 Apr 2009 13:38:47 +0200
From: Ivan Voras <ivoras@freebsd.org>
To: freebsd-questions@freebsd.org
Subject: Re: I would like to know about tracing system call in FreeBSD.
Message-ID: <gra58n$8ag$2@ger.gmane.org>
In-Reply-To: <20090405023053.BSQ12123@expms2.cites.uiuc.edu>
References: <20090405023053.BSQ12123@expms2.cites.uiuc.edu>

hjung20@illinois.edu wrote:
> Dear,
>
> I have tried to trace system call using C language.
>
> I would like to detect privilege escalation through tracing system call.
> Although FreeBSD announce the patch of telnet daemon to remove malicious access to escalate privilege, I would like to implement the detecting program.
>
> My idea is if I detect the change of uid of process then I can recognize the privilege escalation.

Maybe the audit(4) framework will be useful to you.
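
Added example, not part of the original message: one way to apply the uid-change idea to an audit(4) trail rendered as text by praudit(1), by flagging a pid whose effective uid becomes root while the audit (login) uid is not root. The sample records are constructed, the function names are hypothetical, and the subject token field order (audit uid, effective uid, effective gid, real uid, real gid, pid, session, port, address) is the one praudit prints by default.

```python
# Constructed sample in praudit's default text format (not from a real trail).
SAMPLE = """\
header,133,11,execve(2),0,Sun Apr  5 13:30:01 2009, + 120 msec
subject,alice,alice,users,alice,users,4101,4090,5001,192.0.2.10
return,success,0
trailer,133
header,133,11,execve(2),0,Sun Apr  5 13:30:07 2009, + 310 msec
subject,alice,root,users,alice,users,4101,4090,5001,192.0.2.10
return,success,0
trailer,133
header,133,11,execve(2),0,Sun Apr  5 13:31:00 2009, + 5 msec
subject,root,root,wheel,root,wheel,612,612,0,0.0.0.0
return,success,0
trailer,133
"""
ROOT = {"root", "0"}  # praudit prints names by default, numeric IDs with -n

def parse_records(text):
    """Yield one dict per audit record (header ... trailer)."""
    rec = None
    for line in text.splitlines():
        f = line.split(",")
        if f[0] == "header" and len(f) >= 6:
            rec = {"event": f[3], "time": f[5]}
        elif rec is None:
            continue                      # ignore lines outside a record
        elif f[0] == "subject" and len(f) >= 8:
            # subject,auid,euid,egid,ruid,rgid,pid,sid,port,addr
            rec.update(auid=f[1], euid=f[2], ruid=f[4], pid=f[6])
        elif f[0] == "trailer":
            if "pid" in rec:
                yield rec
            rec = None

def find_uid_escalations(text):
    """Heuristic: su(1) and other setuid programs match too, so hits need triage."""
    last_euid, alerts = {}, []
    for r in parse_records(text):
        prev = last_euid.get(r["pid"])
        if (prev is not None and prev not in ROOT
                and r["euid"] in ROOT and r["auid"] not in ROOT):
            alerts.append((r["time"], r["pid"], r["auid"], prev, r["euid"], r["event"]))
        last_euid[r["pid"]] = r["euid"]
    return alerts

if __name__ == "__main__":
    for a in find_uid_escalations(SAMPLE):
        print("euid became root: time=%s pid=%s auid=%s %s->%s event=%s" % a)
```

Because pids are reused over time, a long-running version of this check would also need to drop a pid's state when its exit record is seen.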