> I know how to write a security monitor that does what you want:
> use ptrace. (Yeah, I know, ptrace is my one-trick pony.)
> The security monitor would be the parent process of the process that
> you wish to control. It would use PTRACE_SYSCALL to run the target's
> user-space instructions at full speed and filter the target's system
> call requests. For example, if your httpd tries to open "/etc/passwd"
> for reading, the security monitor simply logs the attempt, SIGKILL's
> the process, whatever.
Well, this already has been done for solaris, and is described/ready
for download at http://www.cs.berkeley.edu/~daw/janus/.
Pavel
-- I'm really pavel@ucw.cz. Look at http://195.113.31.123/~pavel. Pavel Hi! I'm a .signature virus! Copy me into your ~/.signature, please!- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/