Years ago I used the stop() and system() actions to neutralize a
security bug until the patches were ready, but there's a big caveat:
DTrace is not reliable for this because it can drop events.
Basically, DTrace is not appropriate for these kinds of tasks.

FYI, the stop() action can be very dangerous: you really want to not
stop the dtrace consumer...  Also, the system() action might get
dropped and you might never prun something that needed to be.

It'd be nice to have something that could be scripted for modifying
system call and user-land (but probably not kernel) function
behavior...

Nico