[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: syscall arguments in audit records



Some of the system call arguments have useful information; they're not just pointing to a memory address.
Some are necessary in order to determine what syscall was performed. For IPC syscalls, a0 indicates which of the IPC calls was executed.
-debbie

linux-audit-bounces redhat com wrote on 03/25/2005 03:32:37 PM:

> System call arguments are pretty useless unless you're in a process where the
> memory addresses are still valid (like a testcase).  Would it be useful to
> put an option in at a later date that allows you to dump arguments as human
> readable?

> -tim

> --
> Linux-audit mailing list
> Linux-audit redhat com
> http://www.redhat.com/mailman/listinfo/linux-audit


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]