Bad file access on the rise

Miloslav Trma─Ź mitr at volny.cz
Fri Jun 7 18:38:56 UTC 2013


On Fri, Jun 7, 2013 at 8:29 PM, Matthew Garrett <mjg59 at srcf.ucam.org> wrote:
> So why not add a mechanism to permit applications to indicate that
> certain accesses they make should be ignored by audit?

Because it would be primarily useful to the attackers' applications.
Or am I missing something?  (BTW, audit already has something like
"dontaudit" rules.  But it has limited information to work with.)
   Mirek


More information about the devel mailing list