On 12/25/05, ober <[EMAIL PROTECTED]> wrote:
> Here is a patch, probably something you want to test before using on
> a production box.
> http://www.linbsd.org/log_execve.38.patch
> It logs commands to syslog like this:
>
> EXECVE: uid:1000 fullpath:/bin/ls command:ls foo
> EXECVE: uid:1000 fullpath:/sbin/dmesg command:dmesg
> EXECVE: uid:1000 fullpath:/usr/bin/touch command:touch fff

Accessing a user pointer from the kernel is an easy denial-of-service attack.