Well, in fact I am only interested in this socketcall so if it works fine for it, that's enough. May the user introduce fake information within this socketcall logging ? Regards. Pedro. On 14-Oct-2003 Arjan van de Ven wrote: > On Tue, 2003-10-14 at 12:15, Pedro Bados wrote: > > btw if you want to use this for audit-logging, you do realize that the > user can make this log different info than the actual syscall is > executed with? > (eg if you log unlink calls the log may show "user X deleted > /tmp/myfile" while the user actually unlinked "/tmp/otherfile") >
Attachment:
signature.asc
Description: This is a digitally signed message part
