Re: commandlogging

To: Izak Burger <gpf@linuxuser.co.za>
Cc: debian security list <debian-security@lists.debian.org>
Subject: Re: commandlogging
From: jake@capecodvacation.com (Jacob Kuntz)
Date: Mon, 5 Mar 2001 13:10:11 -0500
Message-id: <[🔎] 20010305131011.E5668@capecodvacation.com>
In-reply-to: <[🔎] Pine.LNX.4.21.0103051217120.18569-100000@erwin.cs.sun.ac.za>; from gpf@linuxuser.co.za on Mon, Mar 05, 2001 at 12:18:38PM +0200
References: <[🔎] 3AA35DDC.8F129391@dlsi.ua.es> <[🔎] Pine.LNX.4.21.0103051217120.18569-100000@erwin.cs.sun.ac.za>

from the secret journal of Izak Burger (gpf@linuxuser.co.za):
> I think you're thinking about BSD process accounting.  It provides a way
> to tell the kernel to write process information to a file.  I have never
> worked with it before, but now you have a bit more to go on :)

almost. since bsd process accounting only comes into effect when a process
exits, a trojan could exec("/bin/ls") and escape being logged. (IIRC)

-- 
Jacob Kuntz
jake@capecodvacation.com
http://underworld.net/~jake

Reply to:

References:
- Re: commandlogging
  - From: Miguel Ángel Varó Giner <mvaro@dlsi.ua.es>
- Re: commandlogging
  - From: Izak Burger <gpf@linuxuser.co.za>

Prev by Date: Re: promiscuous eth0
Next by Date: Re: promiscuous eth0
Previous by thread: Re: [OT] install openssh 2.5.x
Next by thread: Re: commandlogging
Index(es):
- Date
- Thread