Subject: recent change to kern_exec.c for #! interpreters
To: None <firstname.lastname@example.org>
From: Erik E. Fair <email@example.com>
Date: 08/07/2005 20:01:40
>Module Name: src
>Committed By: elad
>Date: Fri Jul 29 22:37:11 UTC 2005
> src/sys/kern: kern_exec.c
>Use real executed program in logs instead of the script that was executed.
>For example, this used to give false logs of matching fingerprint for
>foo.sh while foo.sh don't have an entry, and the program executed (and
>matching the fingerprint) is the interpreter - /bin/sh.
>To generate a diff of this commit:
>cvs rdiff -r1.205 -r1.206 src/sys/kern/kern_exec.c
>Please note that diffs are not public domain; they are subject to the
>copyright notices on the relevant files.
So ... if I were running with acct(2) on, what will I see in the
ac_comm field of the structure that is written to the accounting
file? sh? or the name of the script?
I submit that if it is the former, this is not a good change.