from the secret journal of Izak Burger ([EMAIL PROTECTED]): > I think you're thinking about BSD process accounting. It provides a way > to tell the kernel to write process information to a file. I have never > worked with it before, but now you have a bit more to go on :)
almost. since bsd process accounting only comes into effect when a process
exits, a trojan could exec("/bin/ls") and escape being logged. (IIRC)
--
Jacob Kuntz
[EMAIL PROTECTED]
http://underworld.net/~jake
