Detecting loading of libraries

hsultan at thefroid.net
Thu Jan 22 00:01:59 UTC 2015


Hi,

I'm wondering if there's a good way of detecting the loading of 
libraries by processes (I am specifically NOT talking about the uselib 
syscall).

strace shows me apps do open(...)/mmap/mprotect.
I'm currently intercepting mmap calls; however, no additional context
records are given to provide the name of the library, and the file
descriptor is the 5th parameter, so I can't get that either to match it
to an open(...).

Is there a way to do this that I'm missing?

Thanks,

Hassan




More information about the Linux-audit mailing list