Re: Linux needs flexible security

Pavel Machek (
Sat, 20 Nov 1999 13:09:48 +0100


> I know how to write a security monitor that does what you want:
> use ptrace. (Yeah, I know, ptrace is my one-trick pony.)

> The security monitor would be the parent process of the process that
> you wish to control. It would use PTRACE_SYSCALL to run the target's
> user-space instructions at full speed and filter the target's system
> call requests. For example, if your httpd tries to open "/etc/passwd"
> for reading, the security monitor simply logs the attempt, SIGKILL's
> the process, whatever.

Well, this already has been done for solaris, and is described/ready
for download at

I'm really Look at  Pavel
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to Please read the FAQ at