syscall arguments in audit records

Debora Velarde dvelarde at us.ibm.com
Fri Mar 25 21:53:53 UTC 2005






Some of the system call arguments have useful information; they're not just
pointing to a memory address.
Some are necessary in order to determine what syscall was performed.  For
IPC syscalls, a0 indicates which of the IPC calls was executed.
-debbie


                                                                           
From: tinytim at us.ltcfwd.linux.ibm.com
Sent by: linux-audit-bounces at redhat.com
Date: 03/25/2005 03:32 PM
To: linux-audit at redhat.com
Subject: syscall arguments in audit records
Please respond to: Linux Audit Discussion
                                                                           




System call arguments are pretty useless unless you're in a process where
the memory addresses are still valid (like a testcase).  Would it be useful
to put an option in at a later date that allows you to dump arguments as
human readable?

-tim
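
Added example, not part of the original messages or of the audit project's code: a small decoder that reads a0 from SYSCALL audit records to tell which operation an ipc(2) call performed, as described in the reply above. The record layout (space-separated key=value fields, a0 in hex), the i386 arch/syscall pair, and the helper name decode_ipc_call are assumptions; the sample records in the test are constructed.

```python
import re

# Call numbers multiplexed through ipc(2), as defined in <linux/ipc.h>.
IPC_CALLS = {
    1: "semop", 2: "semget", 3: "semctl", 4: "semtimedop",
    11: "msgsnd", 12: "msgrcv", 13: "msgget", 14: "msgctl",
    21: "shmat", 22: "shmdt", 23: "shmget", 24: "shmctl",
}

# Assumption: (arch, syscall number) pairs that mean ipc(2).
# 40000003 is AUDIT_ARCH_I386, where __NR_ipc is 117.
IPC_SYSCALLS = {("40000003", 117)}

# Assumed record layout: space-separated key=value fields.
FIELD_RE = re.compile(r"(\w+)=(\S+)")


def decode_ipc_call(record):
    """Return the IPC operation named by a0 in a SYSCALL audit record.

    Returns None when the record is not a SYSCALL record, is not an
    ipc(2) call, or lacks the fields needed to decide.
    """
    fields = dict(FIELD_RE.findall(record))
    if fields.get("type") != "SYSCALL":
        return None
    try:
        key = (fields["arch"], int(fields["syscall"]))
        a0 = int(fields["a0"], 16)  # syscall arguments are logged in hex
    except (KeyError, ValueError):
        return None
    if key not in IPC_SYSCALLS:
        return None
    # The kernel keeps a version number in the upper 16 bits of the
    # call argument, so mask it off before the lookup.
    call = a0 & 0xFFFF
    return IPC_CALLS.get(call, "unknown(%d)" % call)
```

The remaining arguments (a1 to a3) still need per-operation interpretation; pointer-valued ones stay opaque outside the original process, which is the limitation raised in the quoted message.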
