On Fri, Nov 24, 2000 at 08:31:26AM +0100, Tollef Fog Heen wrote:
> * Peter Cordes
>
> | There seems to be a lot of this going on. Is it possible to modify glibc
> | so that it flags dangerous actions with stuff in /tmp?
>
> You don't even have to modify glibc. You can have a small library
> which you preload, and which puts itself in place of the functions you
> want to wrap.
[snip]
> or you could ptrace the process

Not a complete solution though - it's fiddly to make it work with setuid
apps I imagine. OTOH it is very convenient for doing comprehensive logging,
which I admit my solution (kernel patch) is not. I'd be interested to see a
working version of this if someone has done it.

-- 
Colin Phipps http://www.netcraft.com/

