public inbox for linux-audit@redhat.com
* How to retrieve pointer arguments' value
@ 2008-03-06  4:45 Marius.bao
From: Marius.bao @ 2008-03-06  4:45 UTC
  To: linux-audit

Hi,
    Some of the syscalls provide pointer arguments, but the audit just
provides the pointer value, not the data it points to. How can I
retrieve the value the argument points to?
    Thanks in advance!


* Re: How to retrieve pointer arguments' value
@ 2008-03-06 11:21 ` Steve Grubb
From: Steve Grubb @ 2008-03-06 11:21 UTC
  To: linux-audit

On Wednesday 05 March 2008 23:45:26 Marius.bao wrote:
>     Some of the syscalls provide pointer arguments, but the audit just
> provides the pointer value, not the data it points to. How can I
> retrieve the value the argument points to?

The audit system captures important information about the object in other
records that are part of the same event. For example, the filename of the
open command is in a PATH record, addresses of connect are in SOCKADDR
records, etc. Is there some important information about a security-relevant
object that we missed?

-Steve

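The correlation described in the reply above, as an added example that is not part of the original thread: records sharing one `msg=audit(timestamp:serial)` id are grouped, and the PATH name and SOCKADDR saddr are attached to the SYSCALL record whose a0/a1 only hold raw pointers. The log lines are constructed, the function names are hypothetical, and a little-endian x86_64 host is assumed.

```python
import re
import socket
import struct
from collections import defaultdict

# Constructed sample records (not from the thread); most fields trimmed.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1204802726.123:4521): arch=c000003e syscall=2 success=yes exit=3 a0=7ffd1c2a3f10 a1=0 a2=1b6 items=1 comm="cat"
type=CWD msg=audit(1204802726.123:4521): cwd="/root"
type=PATH msg=audit(1204802726.123:4521): item=0 name="/etc/hosts" inode=1234
type=SYSCALL msg=audit(1204802730.456:4522): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7ffd1c2a4000 a2=10 items=0 comm="curl"
type=SOCKADDR msg=audit(1204802730.456:4522): saddr=02000050C00002050000000000000000
"""

RECORD = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_saddr(hex_saddr):
    """Decode an AF_INET saddr; other families are returned as raw hex."""
    raw = bytes.fromhex(hex_saddr)
    family = struct.unpack_from('<H', raw)[0]  # assumes a little-endian host
    if family == socket.AF_INET and len(raw) >= 8:
        port = struct.unpack_from('!H', raw, 2)[0]  # port is in network order
        return f"{socket.inet_ntoa(raw[4:8])}:{port}"
    return hex_saddr

def resolve_pointer_args(log_text):
    """Group records by event serial; return what each syscall's pointers named."""
    events = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        m = RECORD.match(line)
        if not m:
            continue
        rtype, _ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        events[int(serial)][rtype].append(fields)
    resolved = {}
    for serial, recs in events.items():
        if 'SYSCALL' not in recs:
            continue
        sc = recs['SYSCALL'][0]
        resolved[serial] = {
            'syscall': int(sc['syscall']),
            'a0': sc.get('a0'), 'a1': sc.get('a1'),
            'paths': [p['name'] for p in recs.get('PATH', [])],
            'sockaddrs': [decode_saddr(s['saddr']) for s in recs.get('SOCKADDR', [])],
        }
    return resolved
```

Only AF_INET addresses are decoded here, and PATH names that auditd has hex-encoded (names containing spaces or control characters) are returned as logged.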
