Date: Sun, 05 Apr 2009 13:38:47 +0200 From: Ivan Voras <ivoras@freebsd.org> To: freebsd-questions@freebsd.org Subject: Re: I would like to know about tracing system call in FreeBSD. Message-ID: <gra58n$8ag$2@ger.gmane.org> In-Reply-To: <20090405023053.BSQ12123@expms2.cites.uiuc.edu> References: <20090405023053.BSQ12123@expms2.cites.uiuc.edu>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] hjung20@illinois.edu wrote: > Dear, > > I have tried to trace system call using C language. > > I would like to detect privilege escalation through traceing system call. > Although freebsd announce the patch of telnet demon to remove malicious access to esaclate privilege, I would like to implement the detecting program. > > My idea is if I detect the change of uid of process then I can recongnize the privilege escalation. Maybe the audit(4) framework will be useful to you. [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAknYmEcACgkQldnAQVacBciGvQCgtGSifzvsuwzAs1GQcMj3tyUH +LsAnRLmcnEO5hOx8mybQIu+MDh0Yxsh =ivg4 -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?gra58n$8ag$2>