public inbox for linux-audit@redhat.com
From: Steve Grubb <sgrubb@redhat.com>
To: linux-audit@redhat.com
Subject: Re: How to retrieve pointer arguments' value
Date: Thu, 6 Mar 2008 06:21:46 -0500
Message-ID: <200803060621.46877.sgrubb@redhat.com>
In-Reply-To: <b807c37c0803052045n227cd6cdi3c2eeaa2549216ea@mail.gmail.com>

On Wednesday 05 March 2008 23:45:26 Marius.bao wrote:
>     Some of the syscalls provide pointer arguments, but the audit just
> provides the pointer value, not the data it points to. How can I
> retrieve the value the argument points to?

The audit system captures important information about the object in other 
records that are part of the same event. For example, the filename of the 
open command is in a PATH record, addresses of connect are in SOCKADDR 
records, etc. Is there some important information about a security relevant  
object that we missed?

-Steve
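
The correlation described in the reply above, as an added example that is not part of the original message or of the audit project's code: records belonging to one event share the same audit(timestamp:serial) ID, so the data behind a pointer argument is recovered by joining the SYSCALL record with its PATH and SOCKADDR records. The log lines are constructed, the function names are hypothetical, and a little-endian x86_64 host is assumed.

```python
import re
import socket
import struct

# Constructed sample records (x86_64, little-endian host); not from the thread.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1204802506.123:421): arch=c000003e syscall=2 success=yes exit=3 a0=7fff5c1d2a10 a1=0 a2=1b6 items=1 pid=2301 comm="cat"
type=PATH msg=audit(1204802506.123:421): item=0 name="/etc/passwd" inode=1234
type=SYSCALL msg=audit(1204802507.456:422): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7fff5c1d2b40 a2=10 pid=2302 comm="curl"
type=SOCKADDR msg=audit(1204802507.456:422): saddr=02000050C000020A0000000000000000
type=SYSCALL msg=audit(1204802508.789:423): arch=c000003e syscall=2 success=yes exit=3 a0=7fff5c1d2c80 a1=0 a2=1b6 items=1 pid=2303 comm="cat"
type=PATH msg=audit(1204802508.789:423): item=0 name=2F746D702F6D792066696C65 inode=5678
"""

RECORD = re.compile(r"^type=(\S+) msg=audit\(([\d.]+:\d+)\): (.*)$", re.M)
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_string(value):
    """Safe strings are logged quoted; others are logged as bare hex."""
    if value.startswith('"'):
        return value[1:-1]
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value  # not hex, e.g. (null)

def decode_saddr(hexstr):
    """Decode the raw struct sockaddr bytes logged in a SOCKADDR record."""
    raw = bytes.fromhex(hexstr)
    family = struct.unpack_from("<H", raw)[0]  # sa_family: host byte order
    if family == socket.AF_INET and len(raw) >= 8:
        port = struct.unpack_from("!H", raw, 2)[0]  # network byte order
        return f"{socket.inet_ntoa(raw[4:8])}:{port}"
    return f"family={family} raw={hexstr}"  # other families left undecoded

def resolve_pointers(log_text):
    """Join records on event ID; return {event_id: args, paths, sockaddr}."""
    events = {}
    for m in RECORD.finditer(log_text):
        rtype, event_id, body = m.groups()
        fields = dict(FIELD.findall(body))
        event = events.setdefault(event_id, {"paths": [], "sockaddr": None})
        if rtype == "SYSCALL":
            # a0..a2 are raw register values: a pointer shows as an address
            event["args"] = [fields[k] for k in ("a0", "a1", "a2")]
        elif rtype == "PATH":
            event["paths"].append(decode_string(fields["name"]))
        elif rtype == "SOCKADDR":
            event["sockaddr"] = decode_saddr(fields["saddr"])
    return events
```
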
