
Re: Suggestions based on my experiences so far



On Thu, 2005-01-27 at 19:04, Avishay Traeger wrote:
> 2. The name of the process (or command) which invoked the system call is
> not logged (tsk->comm).

tsk->comm isn't reliable, but they could include the executable
information, as SELinux does in its audit messages (when possible).  See
security/selinux/avc.c:avc_audit, which in turn derived this particular
code from fs/proc/base.c:proc_exe_link (i.e. it shows the same
information you get from ls -l /proc/<pid>/exe).

-- 
Stephen Smalley <sds epoch ncsc mil>
National Security Agency
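
Added example (not part of the original message, and not kernel or SELinux code): a user-space C program showing the unreliability of comm mentioned above. A task renames itself with prctl(PR_SET_NAME), after which /proc/self/comm reports the new name while /proc/self/exe still resolves to the same executable. The helper names and the name "renamed-task" are constructed for the demonstration, and a Linux system with /proc mounted is assumed.

```c
#define _GNU_SOURCE
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <unistd.h>

/* Read /proc/self/comm, the user-visible copy of tsk->comm. */
static int read_comm(char *buf, size_t len) {
    FILE *f = fopen("/proc/self/comm", "r");
    if (!f) return -1;
    char *ok = fgets(buf, (int)len, f);
    fclose(f);
    if (!ok) return -1;
    buf[strcspn(buf, "\n")] = '\0';   /* strip the trailing newline */
    return 0;
}

/* Resolve /proc/self/exe, the link that ls -l /proc/<pid>/exe shows. */
static int read_exe(char *buf, size_t len) {
    ssize_t n = readlink("/proc/self/exe", buf, len - 1);
    if (n < 0) return -1;
    buf[n] = '\0';                    /* readlink does not terminate */
    return 0;
}

/* Rename the calling task (new_name: at most 15 bytes), then compare.
 * Returns 1 if comm now equals new_name while exe is unchanged,
 * 0 if not, -1 on error. */
int comm_changed_exe_stable(const char *new_name) {
    char comm[32], exe_before[PATH_MAX], exe_after[PATH_MAX];

    if (read_exe(exe_before, sizeof exe_before) < 0) return -1;
    if (prctl(PR_SET_NAME, new_name, 0, 0, 0) < 0) return -1;
    if (read_comm(comm, sizeof comm) < 0) return -1;
    if (read_exe(exe_after, sizeof exe_after) < 0) return -1;

    printf("comm=%s exe=%s\n", comm, exe_after);
    return !strcmp(comm, new_name) && !strcmp(exe_before, exe_after);
}

int main(void) {
    /* "renamed-task" is a constructed name for the demonstration. */
    return comm_changed_exe_stable("renamed-task") == 1 ? 0 : 1;
}
```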

