Re: trapping execve()

On Mon, May 13, 2002 at 10:33:57PM +0530, Sridhar N wrote:
> 
> ok, my problem is that trapping execve() is a very critical part of my 
> mini-Intrusion Detection System that I'm developing as part of a college 
> project. 

You might want to build your project on top of the Loadable Security
Modules patch at: http://lsm.immunix.org/ which allows you to focus on
the policy and implementation issues of your security system, and not on
things like "where to put this hook", and "how to grab a syscall".

As has been stated on this list many times, don't hook syscalls, it
isn't portable, or race free.

Just a suggestion :)

thanks,

greg k-h
--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
FAQ:           http://kernelnewbies.org/faq/

