From owner-freebsd-bugs Fri Nov 16 15:19:26 2001 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id B43EC37B416; Fri, 16 Nov 2001 15:19:21 -0800 (PST) Received: (from iedowse@localhost) by freefall.freebsd.org (8.11.4/8.11.4) id fAGNHql15192; Fri, 16 Nov 2001 15:17:52 -0800 (PST) (envelope-from iedowse) Date: Fri, 16 Nov 2001 15:17:52 -0800 (PST) From: Message-Id: <200111162317.fAGNHql15192@freefall.freebsd.org> To: borjamar@sarenet.es, iedowse@FreeBSD.org, freebsd-bugs@FreeBSD.org Subject: Re: kern/15435: Attempts to execute programs from a noexec filesystem should be logged Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Synopsis: Attempts to execute programs from a noexec filesystem should be logged State-Changed-From-To: open->closed State-Changed-By: iedowse State-Changed-When: Fri Nov 16 15:09:05 PST 2001 State-Changed-Why: While such logging might be useful in certain environments, it is not something that would be committed in this form. There are numerous other permission checks in virtually all system calls that might potentially be useful for security monitoring but we can't send syslog messages for every one. Maybe a better solution would be to use some kernel-wide syscall logging with filtering as necessary. http://www.FreeBSD.org/cgi/query-pr.cgi?pr=15435 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message