Re: Current directory for audit names.
--- David Woodhouse <dwmw2(a)infradead.org> wrote:
> What about the current root? You need all of
> the root, the current working directory, and
> the requested path to have the complete path.
Maybe. Only root can change that though, so it's
less important.
I'd say it's less likely to have been changed.
On a shared server with multiple chrooted
apache environments wouldn't you want to know
which cgi bin contains the hacked binary?
We don't handle namespaces either.
That's kind of important, don't you think?
I can add the root if there's consensus that it
would be useful.
The Unix experiance is that it's important.
Casey Schaufler
casey(a)schaufler-ca.com
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com