hjun...@illinois.edu wrote:
> Dear,
> 
> I have tried to trace system calls using the C language.
> 
> I would like to detect privilege escalation through tracing system calls.
> Although FreeBSD announced the patch of the telnet daemon to remove malicious 
> access to escalate privilege, I would like to implement the detecting program.
> 
> My idea is that if I detect a change of the uid of a process, then I can recognize the 
> privilege escalation.

Maybe the audit(4) framework will be useful to you.
