On Saturday 11 May 2002 10:13 pm, John Levon wrote:
> On Thu, May 09, 2002 at 10:35:25PM +0530, Sridhar N wrote:
> I have now added a short FAQ on intercepting system calls, and in
> particular sys_execve().
>
> Please comment on any clarity or correctness problems

OK, my problem is that trapping execve() is a very critical part of my mini-Intrusion Detection System that I'm developing as part of a college project. Most of the components of this project have been untested so far, so basically we're doing prototypes right now... and sys_execve() is a place I got stuck.

Reading your FAQ, I just got a bit confused on how sys_execve() works, can you elaborate on it? And the part about providing a hook... I just want to printk the name of the executable and be done with it. Can't it be done in an easier way?

regards
Sridhar

--
Anyone can do any amount of work provided it isn't the work he is supposed to be doing
-- Murphy's Laws on Work

--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive: http://mail.nl.linux.org/kernelnewbies/
FAQ: http://kernelnewbies.org/faq/