How to retrieve pointer arguments' value

Steve Grubb sgrubb at redhat.com
Thu Mar 6 11:21:46 UTC 2008


On Wednesday 05 March 2008 23:45:26 Marius.bao wrote:
>     Some of the syscalls provide pointer arguments, but the audit just
> provides the pointer value, not the data it points to. How can I
> retrieve the value the argument points to?

The audit system captures important information about the object in other 
records that are part of the same event. For example, the filename of the 
open command is in a PATH record, addresses of connect are in SOCKADDR 
records, etc. Is there some important information about a security relevant  
object that we missed?

-Steve
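
The correlation described in the reply, as an added example that is not part of the original message or of the audit project's code: records sharing the same `audit(timestamp:serial)` id are grouped into one event, and the object behind a pointer argument is read from that event's PATH or SOCKADDR record. The log lines are constructed samples, and the function names are hypothetical.

```python
import re
import socket
import struct
from collections import defaultdict

# Constructed sample records (not captured from a real system).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1204802506.123:101): arch=c000003e syscall=2 success=yes exit=3 a0=7ffd1c2a4f10 a1=0 a2=1b6 a3=0 pid=4211 comm="cat" exe="/bin/cat"
type=CWD msg=audit(1204802506.123:101): cwd="/root"
type=PATH msg=audit(1204802506.123:101): item=0 name="/etc/shadow" inode=131587 dev=08:01 mode=0100400
type=SYSCALL msg=audit(1204802507.456:102): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7ffd9b3e1a20 a2=10 a3=0 pid=4215 comm="nc" exe="/usr/bin/nc"
type=SOCKADDR msg=audit(1204802507.456:102): saddr=02000050C000020A0000000000000000
"""

HEADER = re.compile(r'^type=(\S+) msg=audit\(([\d.]+:\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def group_events(log):
    """Group records by event id, the 'timestamp:serial' inside audit(...)."""
    events = defaultdict(list)
    for line in log.splitlines():
        m = HEADER.match(line)
        if m:
            rtype, event_id, body = m.groups()
            fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
            events[event_id].append((rtype, fields))
    return dict(events)

def decode_saddr(hexstr):
    """Decode a SOCKADDR saddr field; assumes a little-endian host (x86-64)."""
    raw = bytes.fromhex(hexstr)
    family = struct.unpack_from('<H', raw)[0]
    if family == socket.AF_INET and len(raw) >= 8:
        port = struct.unpack_from('!H', raw, 2)[0]  # port is in network order
        return f"{socket.inet_ntoa(raw[4:8])}:{port}"
    return f"family={family} raw={hexstr}"

def resolve_pointers(events):
    """Map each event id to the objects its syscall's pointer args referred to."""
    out = {}
    for event_id, records in events.items():
        names = [f['name'] for t, f in records if t == 'PATH']
        addrs = [decode_saddr(f['saddr']) for t, f in records if t == 'SOCKADDR']
        out[event_id] = names + addrs
    return out

if __name__ == "__main__":
    for event_id, objs in resolve_pointers(group_events(SAMPLE_LOG)).items():
        print(event_id, objs)
```

The a0 and a1 values in the SYSCALL records stay opaque userspace addresses; only the companion records carry the data they referred to.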



