19 messages in org.freebsd.freebsd-security: Re: Parent Logging Patch for sh(1)

From                                    Sent On
Omachonu Ogali                          Jan 16, 2000 10:04 am
Will Andrews                            Jan 16, 2000 12:03 pm
Omachonu Ogali                          Jan 16, 2000 2:10 pm
Will Andrews                            Jan 16, 2000 2:29 pm
Omachonu Ogali                          Jan 16, 2000 3:11 pm
Sheldon Hearn                           Jan 17, 2000 2:57 am
Adam                                    Jan 17, 2000 12:47 pm
Omachonu Ogali                          Jan 17, 2000 6:03 pm
Keith Stevenson                         Jan 17, 2000 8:20 pm
Michael Robinson                        Jan 17, 2000 9:24 pm
Sheldon Hearn                           Jan 17, 2000 10:09 pm
Omachonu Ogali                          Jan 18, 2000 4:02 am
Sheldon Hearn                           Jan 18, 2000 4:20 am
Omachonu Ogali                          Jan 18, 2000 7:35 am
Cy Schubert - ITSD Open Systems Group   Jan 18, 2000 8:04 am
Omachonu Ogali                          Jan 18, 2000 8:15 am
Sheldon Hearn                           Jan 18, 2000 12:14 pm
Cy Schubert                             Jan 18, 2000 1:42 pm
Robert Watson                           Jan 18, 2000 3:59 pm

Subject: Re: Parent Logging Patch for sh(1)
From: Cy Schubert (csch@uumail.gov.bc.ca)
Date: Jan 18, 2000 1:42:45 pm
List: org.freebsd.freebsd-security

In message <1554@axl.noc.iafrica.com>, Sheldon Hearn writes:

On Tue, 18 Jan 2000 08:05:15 PST, Cy Schubert - ITSD Open Systems Group wrote:

If I may offer a half-baked idea: Why not a kernel module that implements the access list at execve(2) for any shell or binary.

Did you take a look at the spy(4) module, URLs for which I posted earlier in this thread? Somewhere between abial's and rwatson's work lies a solution. :-)

I noticed your comment in a posting following (in sequence #) the note I replied to.

Having had a cursory look at it, it looks interesting. It reminds me of Tru64-UNIX's audit log or MVS's SMF. I'm not running -current, though I'm preparing my X server machine (486DX/33 -- picked up a couple of small SCSI drives for free) as a testbed to test -current on older hardware. I can check it out then.
