Date: Fri, 9 Jul 1999 12:20:05 -0400 (EDT) From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> To: Nate Williams <nate@mt.sri.com> Cc: Robert Watson <robert+freebsd@cyrus.watson.org>, Darren Reed <avalon@coombs.anu.edu.au>, Ben Gras <ben@nl.euro.net>, freebsd-security@FreeBSD.ORG Subject: Re: how to keep track of root users? Message-ID: <199907091620.MAA16574@khavrinen.lcs.mit.edu> In-Reply-To: <199907091609.KAA06341@mt.sri.com> References: <199907081645.KAA29163@mt.sri.com> <Pine.BSF.3.96.990709034644.24202B-100000@fledge.watson.org> <199907091609.KAA06341@mt.sri.com>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Fri, 9 Jul 1999 10:09:45 -0600, Nate Williams <nate@mt.sri.com> said: >> The problem raised here again, of course, is the copyin of string >> arguments. > Does anyone else have any ideas? Add auditing data in struct nameidata, and continue to track the information inside of namei. > I don't think this will work, simply because how do we differentiate > between different syscall that will eventually be running in parallel in > the kernel? They will be running in different execution contexts (i.e., processes, at least in the CS-theoretic sense). > I believe there is a trade-off that allows us to somehow 'reduce' > creation of records with a simple filtering scheme that should be much > more effecient than generating records that the benefits are easily > seen. BAF (``Berkeley auditing filter'') -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199907091620.MAA16574>