[email protected] wrote:
> Dear,
>
> I have tried to trace system calls using the C language.
>
> I would like to detect privilege escalation through tracing system calls.
> Although FreeBSD announced the patch of the telnet daemon to remove malicious
> access to escalate privilege, I would like to implement the detecting program.
>
> My idea is if I detect the change of uid of a process then I can recognize the
> privilege escalation.

Maybe the audit(4) framework will be useful to you.
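
An added example, not part of the original thread: the uid check described in the question, applied to audit trail text in the default praudit(1) layout, where the subject token carries audit uid, effective uid/gid, real uid/gid and pid. The sample records are constructed, and the function names and the `expected_setuid` allowlist are assumptions of this example.

```python
# Constructed sample in praudit(1) default text layout; not real audit data.
SAMPLE = """\
header,120,11,execve(2),0,Tue Jan 10 09:15:02 2012, + 101 msec
exec arg,ls,-l
path,/bin/ls
subject,alice,alice,users,alice,users,4301,4290,50 192.0.2.10
return,success,0
trailer,120
header,131,11,execve(2),0,Tue Jan 10 09:15:40 2012, + 412 msec
exec arg,su,-
path,/usr/bin/su
subject,alice,root,wheel,alice,users,4305,4290,50 192.0.2.10
return,success,0
trailer,131
header,128,11,execve(2),0,Tue Jan 10 09:16:07 2012, + 877 msec
exec arg,helper
path,/tmp/helper
subject,alice,root,wheel,root,wheel,4312,4290,50 192.0.2.10
return,success,0
trailer,128
"""

SUBJECT_FIELDS = ("auid", "euid", "egid", "ruid", "rgid", "pid")

def parse_records(text):
    """Yield one dict per audit record (header ... trailer)."""
    rec = None
    for line in text.splitlines():
        tok = line.strip().split(",")
        if tok[0] == "header" and len(tok) > 3:
            rec = {"event": tok[3], "path": None, "subject": None}
        elif rec is None:
            continue  # token outside a record, e.g. a truncated trail
        elif tok[0] == "path" and len(tok) > 1:
            rec["path"] = tok[1]
        elif tok[0] == "subject" and len(tok) >= 7:
            rec["subject"] = dict(zip(SUBJECT_FIELDS, tok[1:7]))
        elif tok[0] == "trailer":
            yield rec
            rec = None

def find_escalations(text, expected_setuid=()):
    """Flag records where a non-root audit uid runs with effective uid root."""
    hits = []
    for rec in parse_records(text):
        s = rec["subject"]
        if s and s["euid"] == "root" and s["auid"] != "root" \
                and rec["path"] not in expected_setuid:
            hits.append((rec["event"], s["auid"], s["pid"], rec["path"]))
    return hits
```

The audit uid is fixed at login and does not change with setuid, so comparing it with the effective uid catches the change the question wants to detect; known setuid binaries go in the allowlist.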
