Package: libbpf-tools
Version: 0.26.0+ds-1
Severity: normal
File: /usr/sbin/execsnoop

execsnoop is super useful, but fails rather ungracefully if the command-line argument is longer than 128 characters. I have tried to improve that with a patch, but couldn't figure out why.

execsnoop.bt in the bpftrace package doesn't suffer from this limitation, so it's not a problem in the kernel itself.

See also: https://github.com/iovisor/bcc/issues/740

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'stable-security'), (500, 'testing'), (500, 'stable'), (1, 'experimental'), (1, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-5-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libbpf-tools depends on:
ii  libc6    2.36-8
ii  libelf1  0.188-2.1
ii  zlib1g   1:1.2.13.dfsg-1

libbpf-tools recommends no packages.

libbpf-tools suggests no packages.

-- no debconf information