Re: Current directory for audit names.
On Thu, 2005-05-26 at 14:37 -0700, Casey Schaufler wrote:
I'd say it's less likely to have been changed.
On a shared server with multiple chrooted
apache environments wouldn't you want to know
which cgi bin contains the hacked binary?
Yeah, maybe. I'm far more easily persuaded if your argument is provided
in diff -up form though. I believe that you'll need to check
check current->namespace->root->mnt_root against current->fs->root; if
they're different, then you have a chroot and you should use __d_path()
with current->namespace->root{,->mnt_root} as your 'root' and
'rootmnt'
arguments respectively to find out what it is.
> We don't handle namespaces either.
That's kind of important, don't you think?
Again, only root can make a new namespace. How would you meaningfully
report it?
--
dwmw2