syscall arguments in audit records
Debora Velarde
dvelarde at us.ibm.com
Fri Mar 25 21:55:00 UTC 2005
Some of the system call arguments have useful information; they're not just
pointing to a memory address.
Some are necessary in order to determine what syscall was performed. For
IPC syscalls, a0 indicates which of the IPC calls was executed.
-debbie
linux-audit-bounces at redhat.com wrote on 03/25/2005 03:32:37 PM:
> System call arguments are pretty useless unless you're in a process where
the
> memory addresses are still valid (like a testcase). Would it be useful
to
> put an option in at a later date that allows you to dump arguments as
human
> readable?
> -tim
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> http://www.redhat.com/mailman/listinfo/linux-audit
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20050325/9e2a8c59/attachment.htm>
More information about the Linux-audit
mailing list