Re: Unix command-line _arguement_ signatures

Jas (matt@uts.edu.au)
Sun, 18 Sep 1994 07:26:39 +1000 (EST)

Rafi Sadowsky wrote this...
> 
> Just a thought - what happens when your "bad guy" brings in
> (cleverly named) statically linked programs
> 
> 
hmmm true.. how about a patch for the kernel instead? :) ooh i can see that
happening at a really fast rate of knots, but kernels with run time config
that shouldn't be too much of a problem, just modify slightly the execve()
call and away you go... then you can track by the vnode of the process text
in which case downloading statically linked stuff would be easier to find.
you can track the vnode as well as the arguments.. heh collecting all this
data is approaching an overload... can anyone else think of an easier way?


					Matt

--

	Matthew Keenan
	Systems Programmer		 Information Technology Division
	University of Technology Sydney			       Australia

	www:	http://milliways.itd.uts.edu.au/~matt/
	email:	matt@uts.edu.au
	phone:	+61 2 330 1390		"Don't murder a man who is about
	fax:	+61 2 330 1999		to commit suicide."
	home:	+61 2 416 5722		-- Machiavelli

GCV 2.1 GAT/M/CS d--(-+) H-- s++:-- g+ p? !au a-(?) w+++ v+ C+++$
	UVS++++$ P+>+++ L- 3+++ E-(++) N++ K W--- M+ V-- -po+(+) Y+ t+
	!5>++ jx R+ G? !tv b+++ D++ B e+ u--(**) h- f+(*) r n- !y
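
The following is an added example, not part of the original message: a userspace sketch of the idea above, keying an exec audit record on the file's identity (device and inode from stat(), standing in for the vnode) plus its arguments, so a renamed binary still matches. The function names and the temporary file are assumptions made for illustration; a kernel patch would record the same fields inside execve().

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct exec_id { dev_t dev; ino_t ino; };

/* File identity of the program text: (device, inode), not the path. */
int exec_identity(const char *path, struct exec_id *id)
{
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    id->dev = st.st_dev;
    id->ino = st.st_ino;
    return 0;
}

/* One audit line: identity first, then the arguments as given. */
int format_exec_record(char *buf, size_t len, const struct exec_id *id,
                       char *const argv[])
{
    int n = snprintf(buf, len, "dev=%lu ino=%lu argv=",
                     (unsigned long)id->dev, (unsigned long)id->ino);
    for (int i = 0; argv[i] != NULL && n > 0 && (size_t)n < len; i++)
        n += snprintf(buf + n, len - n, "%s\"%s\"", i ? "," : "", argv[i]);
    return (n > 0 && (size_t)n < len) ? 0 : -1;   /* -1 if truncated */
}

/* Constructed scenario: a flagged file is renamed to look harmless.
 * Returns 1 if the identity still matches although the name changed. */
int rename_keeps_identity(void)
{
    char flagged[] = "/tmp/flagged-tool-XXXXXX";  /* constructed sample file */
    char renamed[64];
    struct exec_id before, after;
    int fd = mkstemp(flagged);
    if (fd < 0) return -1;
    close(fd);
    snprintf(renamed, sizeof renamed, "%s.ls", flagged);
    if (exec_identity(flagged, &before) != 0 || rename(flagged, renamed) != 0) {
        unlink(flagged);
        return -1;
    }
    int ok = exec_identity(renamed, &after) == 0 &&
             before.dev == after.dev && before.ino == after.ino &&
             strcmp(flagged, renamed) != 0;
    unlink(renamed);
    return ok;
}
```

The identity follows the file object, so it survives a rename within one filesystem; a fresh copy of the same bytes gets a new inode and would need a content hash to correlate.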