from the secret journal of Izak Burger ([EMAIL PROTECTED]):
> I think you're thinking about BSD process accounting. It provides a way
> to tell the kernel to write process information to a file. I have never
> worked with it before, but now you have a bit more to go on :)
almost. since bsd process accounting only comes into effect when a process
exits, a trojan could exec("/bin/ls") and escape being logged. (IIRC)
--
Jacob Kuntz
[EMAIL PROTECTED]
http://underworld.net/~jake
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]