On Mon, 02 Jul 2007 20:44:55 BST, Matthew Booth said:
> I've hit a hurdle trying to do some post processing on audit output
> because PATH records contain paths relative to the CWD, rather than the
> absolute path. How much effort would likely be involved in making sure
> these paths were always absolute?

Probably quite a bit, especially if they traverse symlinks and the like. Additionally, you'd need to track *current* state of $CWD, as the absolute path will change each time a chdir() happens, or if somebody does something like 'mv . ../../foo'. Particularly evil to track:

    cd foo/bar/baz
    ./myprog &
    cd ../
    mv baz ..

Where's myprog's ../../bin pointing now? And how would your post processor know that happened?

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
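
An added example, not part of the original message or of the audit project's code: one way a post-processor can pair each PATH record with the CWD record that carries the same event serial number and join the two lexically. The sample records are constructed, and `resolve_paths` and `decode` are hypothetical names.

```python
import posixpath
import re

# Constructed sample records (not from the thread), laid out like auditd log lines.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1183405495.101:412): syscall=2 success=yes pid=2101 comm="myprog"
type=CWD msg=audit(1183405495.101:412):  cwd="/home/mb/foo/bar/baz"
type=PATH msg=audit(1183405495.101:412): item=0 name="../../bin/tool" inode=1181
type=CWD msg=audit(1183405501.007:413):  cwd="/home/mb/foo/bar"
type=PATH msg=audit(1183405501.007:413): item=0 name=6D792066696C652E747874 inode=90
type=PATH msg=audit(1183405502.500:414): item=0 name="notes.txt" inode=91
"""

RECORD_RE = re.compile(r'^type=(\w+) msg=audit\([\d.]+:(\d+)\):\s*(.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode(value):
    """Plain strings are quoted; names with spaces or odd bytes are hex-encoded."""
    if value.startswith('"'):
        return value[1:-1]
    if value == "(null)":
        return None
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value

def resolve_paths(log_text):
    """Return (serial, raw_name, absolute_or_None) for each PATH record."""
    cwd_by_event, paths = {}, []
    for line in log_text.splitlines():
        m = RECORD_RE.match(line)
        if not m:
            continue
        rtype, serial, body = m.group(1), int(m.group(2)), m.group(3)
        fields = dict(FIELD_RE.findall(body))
        if rtype == "CWD":
            cwd_by_event[serial] = decode(fields.get("cwd", "(null)"))
        elif rtype == "PATH":
            paths.append((serial, decode(fields.get("name", "(null)"))))
    results = []
    for serial, name in paths:
        base = name if name and name.startswith("/") else cwd_by_event.get(serial)
        absolute = None  # a relative name with no CWD record cannot be anchored
        if name is not None and base is not None:
            # Lexical join only: ".." is collapsed textually, symlinks are not followed.
            absolute = posixpath.normpath(posixpath.join(base, name))
        results.append((serial, name, absolute))
    return results
```

The joined string is only the name as the process's working directory spelled it when the event was logged. It does not follow symlinks, and after a later rename of a parent directory, as in the `mv baz ..` case above, the same string may no longer name the same file.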
