Absolute path names in PATH records
Valdis.Kletnieks at vt.edu
Mon Jul 2 20:31:54 UTC 2007
On Mon, 02 Jul 2007 20:44:55 BST, Matthew Booth said:
> I've hit a hurdle trying to do some post processing on audit output
> because PATH records contain paths relative to the CWD, rather than the
> absolute path. How much effort would likely be involved in making sure
> these paths were always absolute?
Probably quite a bit, especially if they traverse symlinks and the like.
Additionally, you'd need to track *current* state of $CWD, as the absolute
path will change each time a chdir() happens, or if somebody does something
like 'mv . ../../foo'. Particularly evil to track:

    cd foo/bar/baz
    ./myprog &
    cd ../
    mv baz ..

Where's myprog's ../../bin pointing now? And how would your post processor
know that happened?
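Added example, not part of the original message or of the audit tools: a post-processor that joins each PATH record to the CWD record of the same audit event and normalises the result. The sample records are constructed, and the code assumes the CWD record precedes the PATH records of its event. The join is purely lexical, so it cannot see symlinks or a directory renamed after the event, which is the limitation raised in the reply above.

```python
import posixpath
import re

# Constructed sample records (not taken from the thread).
SAMPLE = '''\
type=SYSCALL msg=audit(1183408314.101:42): arch=40000003 syscall=5 success=yes pid=2211 comm="myprog"
type=CWD msg=audit(1183408314.101:42):  cwd="/home/mb/foo/bar/baz"
type=PATH msg=audit(1183408314.101:42): item=0 name="../../bin/tool" inode=1234 dev=08:01
type=CWD msg=audit(1183408320.500:43):  cwd="/home/mb/foo"
type=PATH msg=audit(1183408320.500:43): item=0 name=2E2E2F6D792066696C65 inode=99 dev=08:01
type=PATH msg=audit(1183408321.000:44): item=0 name="orphan.txt" inode=7 dev=08:01
'''

REC = re.compile(r'type=(\w+) msg=audit\(([\d.]+:\d+)\):\s*(.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode(value):
    """Quoted values are literal; unquoted ones are hex-encoded by the audit system."""
    if value.startswith('"'):
        return value[1:-1]
    try:
        return bytes.fromhex(value).decode('utf-8', 'replace')
    except ValueError:
        return value  # not hex, e.g. (null)

def resolve_paths(log_text):
    """Return (event_id, recorded_name, absolute_path_or_None) per PATH record."""
    cwd_by_event, out = {}, []
    for line in log_text.splitlines():
        m = REC.match(line)
        if not m:
            continue
        rtype, event, body = m.groups()
        fields = dict(FIELD.findall(body))
        if rtype == 'CWD' and 'cwd' in fields:
            cwd_by_event[event] = decode(fields['cwd'])
        elif rtype == 'PATH' and 'name' in fields:
            name = decode(fields['name'])
            cwd = cwd_by_event.get(event)
            if name.startswith('/'):
                resolved = posixpath.normpath(name)
            elif cwd is None:
                resolved = None  # no CWD record in this event: do not guess
            else:
                # Lexical join only: symlinks and later renames are invisible here.
                resolved = posixpath.normpath(posixpath.join(cwd, name))
            out.append((event, name, resolved))
    return out
```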