Vulnerability Development mailing list archives
Re: Core Dump as an Intrusion Event
From: Daniel Roesen <droesen () ENTIRE-SYSTEMS COM>
Date: Tue, 10 Oct 2000 10:59:15 +0200
On Sun, Oct 08, 2000 at 10:41:05PM +0300, Jarno Huuskonen wrote:
What about adding some code so it can be controlled thru the proc filesystem ? Like enabling/disabling logging, log only certain programs etc. (echo 1 > /proc/sys/kernel/core-logging) Does this sound feasible/sensible ?
I'm working on this. Logging of coredumps (names core.<processname>.<pid>) to syslog (via klogd) is already in place, it just needs the sysctl interface. Best regards, Daniel -- ---------------------------------------------------------------------- entire systems GmbH | droesen () entire-systems com Internet Services | Phone: +49 2624 9550-55 Ferbachstrasse 12 | Fax: +49 2624 9550-20 D-56203 Hoehr-Grenzhausen | http://www.entire-systems.com/ ----------------------------------------------------------------------
Current thread:
- Re: Core Dump as an Intrusion Event, (continued)
- Re: Core Dump as an Intrusion Event Crist Clark (Oct 07)
- Re: Core Dump as an Intrusion Event Kev (Oct 07)
- Re: Core Dump as an Intrusion Event antirez (Oct 08)
- Re: Core Dump as an Intrusion Event Jarno Huuskonen (Oct 08)
- Re: Core Dump as an Intrusion Event Gigi Sullivan (Oct 09)
- Re: Core Dump as an Intrusion Event Jarno Huuskonen (Oct 09)
- Re: Core Dump as an Intrusion Event Gigi Sullivan (Oct 11)
- Re: Core Dump as an Intrusion Event antirez (Oct 12)
- Re: Core Dump as an Intrusion Event antirez (Oct 09)
- Re: Core Dump as an Intrusion Event antirez (Oct 09)
- Re: Core Dump as an Intrusion Event Daniel Roesen (Oct 10)