Date:      Sun, 05 Apr 2009 13:38:47 +0200
From:      Ivan Voras <ivoras@freebsd.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: I would like to know about tracing system call in FreeBSD.
Message-ID:  <gra58n$8ag$2@ger.gmane.org>
In-Reply-To: <20090405023053.BSQ12123@expms2.cites.uiuc.edu>
References:  <20090405023053.BSQ12123@expms2.cites.uiuc.edu>

hjung20@illinois.edu wrote:
> Dear,
>
> I have tried to trace system calls using the C language.
>
> I would like to detect privilege escalation through tracing system calls.
> Although FreeBSD announced the patch of the telnet daemon to remove malicious access to escalate privilege, I would like to implement the detecting program.
>
> My idea is that if I detect a change in the uid of a process, then I can recognize the privilege escalation.

Maybe the audit(4) framework will be useful to you.

