Current directory for audit names.
Casey Schaufler
casey at schaufler-ca.com
Thu May 26 21:37:59 UTC 2005
--- David Woodhouse <dwmw2 at infradead.org> wrote:

> > What about the current root? You need all of
> > the root, the current working directory, and
> > the requested path to have the complete path.
>
> Maybe. Only root can change that though, so it's
> less important.

I'd say it's less likely to have been changed.
On a shared server with multiple chrooted
apache environments wouldn't you want to know
which cgi bin contains the hacked binary?

> We don't handle namespaces either.

That's kind of important, don't you think?

> I can add the root if there's consensus that it
> would be useful.

The Unix experience is that it's important.
Casey Schaufler
casey at schaufler-ca.com