search for: shellsnoop

G''Day Folks, I''ve rewritten execsnoop, opensnoop and shellsnoop so that they are wrapped in the Bourne shell to provide command line options (they have all lost their ".d" extensions, but the old versions are still online). They are rather more meaningful tools now. (Eg, I can run shellsnoop with "-qp PID" with the PID of a shell, and see o...

hey.. I talked to my sysadmins about getting access to the dtrace_kernel role, and they said they were hesitant to give this out because they thought it was a security risk - ie: that you could use it for privilege escalation. How true is this? Is there a way to make it user safe? If not, why is it offered as an option for regular users? Thanks much, Ed -- This message posted from