Hi all,
Please CC me in your replies. (not subscribed to the list)
I am developping a firewall application[1], that filters connections
(besides other informations) on the process which is sending/receiving
the packets. To get the corresponding process name I use the following
method:
1.) i get the ip/port from ip_queue
2.) i search for the inode in /proc/sys/tcp[udp]
3.) i search in /proc/xxx/fd/ for the inode
4.) i get the executeable name by examining /proc/xxx/fd/exe
xxx being all pids in /proc
I just wanted to know if it is possible for a non-root process to
modify:
- /proc/PID/exe
- /proc/PID/fd
- /proc/sys/tcp
ie: Is the infomation I get this way reliable or can it be faked.
greetings
Martin Maurer
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jun 15 2003 - 22:00:27 EST