Current directory for audit names.
David Woodhouse
dwmw2 at infradead.org
Fri May 27 11:10:05 UTC 2005
On Thu, 2005-05-26 at 14:37 -0700, Casey Schaufler wrote:
> I'd say it's less likely to have been changed.
>
> On a shared server with multiple chrooted
> apache environments wouldn't you want to know
> which cgi bin contains the hacked binary?
Yeah, maybe. I'm far more easily persuaded if your argument is provided
in diff -up form though. I believe that you'll need to check
check current->namespace->root->mnt_root against current->fs->root; if
they're different, then you have a chroot and you should use __d_path()
with current->namespace->root{,->mnt_root} as your 'root' and 'rootmnt'
arguments respectively to find out what it is.
> > We don't handle namespaces either.
>
> That's kind of important, don't you think?
Again, only root can make a new namespace. How would you meaningfully
report it?
--
dwmw2
More information about the Linux-audit
mailing list