I would like to know about tracing system call in FreeBSD.
Ivan Voras
ivoras at freebsd.org
Sun Apr  5 04:40:05 PDT 2009

hjung20 at illinois.edu wrote:
> Dear,
> 
> I have tried to trace system calls using the C language.
> 
> I would like to detect privilege escalation through tracing system calls.
> Although FreeBSD announced the patch for the telnet daemon to remove malicious access to escalate privilege, I would like to implement the detecting program.
> 
> My idea is that if I detect a change in the uid of a process, then I can recognize the privilege escalation.
Maybe the audit(4) framework will be useful to you.
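
An added example, not part of the original thread and not FreeBSD project code: the uid-change idea from the question applied to the text form of an audit(4) trail as printed by praudit(1). It assumes the subject token lists audit uid, effective uid, effective gid, real uid, real gid and pid in that order; `SAMPLE` is constructed data, and `parse_records` and `find_escalations` are hypothetical names.

```python
"""Flag processes whose effective uid changes to root in praudit-style text records."""

ROOT = {"root", "0"}  # names as in the sample, or numeric ids

# Constructed sample modelled on praudit(1) text output; not real audit data.
SAMPLE = """\
header,93,11,execve(2),0,Sun Apr  5 04:40:01 2009, + 120 msec
subject,alice,alice,alice,alice,alice,1201,1190,0,0.0.0.0
return,success,0
trailer,93
header,93,11,execve(2),0,Sun Apr  5 04:40:03 2009, + 412 msec
subject,alice,root,wheel,root,wheel,1201,1190,0,0.0.0.0
return,success,0
trailer,93
header,93,11,execve(2),0,Sun Apr  5 04:40:04 2009, + 15 msec
subject,root,root,wheel,root,wheel,900,900,0,0.0.0.0
return,success,0
trailer,93
"""

def parse_records(text):
    """Yield one dict per complete record (the lines from 'header' to 'trailer')."""
    rec = None
    for line in text.splitlines():
        fields = line.strip().split(",")
        if fields[0] == "header" and len(fields) >= 4:
            rec = {"event": fields[3]}  # a new header discards a truncated record
        elif rec is None:
            continue  # ignore lines outside any record
        elif fields[0] == "subject" and len(fields) >= 7:
            # Assumed field order: auid, euid, egid, ruid, rgid, pid, ...
            rec.update(auid=fields[1], euid=fields[2], ruid=fields[4], pid=fields[6])
        elif fields[0] == "trailer":
            if "pid" in rec:
                yield rec
            rec = None

def find_escalations(text):
    """Return (pid, auid, old_euid, event) for each non-root to root euid change."""
    last_euid, alerts = {}, []
    for rec in parse_records(text):
        old = last_euid.get(rec["pid"])
        if old is not None and old not in ROOT and rec["euid"] in ROOT:
            alerts.append((rec["pid"], rec["auid"], old, rec["event"]))
        last_euid[rec["pid"]] = rec["euid"]
    return alerts

if __name__ == "__main__":
    for alert in find_escalations(SAMPLE):
        print("euid changed to root: pid=%s auid=%s previous euid=%s event=%s" % alert)
```

Transitions reported this way include legitimate ones such as su(1) or set-uid programs, so each alert still needs to be checked against what the audit user was expected to run.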