I'm currently working on a branch (will submit a PR soon) to add `pgrp` to the execve event so we can relate events that executed with a pipe (like `ps -ef | grep bash`).
While doing so I noticed that the `threadinfo` has a field `m_sid` that is only set during the `setuid` syscall, so I was thinking to extract the `sid` value in execve events. What do you think?
(I believe that this could help in chisels like `spy_users` & `list_login_shells`.)
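An added example (not sysdig code and not from the issue author) showing how `pgrp` and `sid` relate processes to a pipeline job and to a login session when read from Linux `/proc/<pid>/stat`; the stat lines below are constructed, and the field layout follows proc(5).

```python
# Added example: group processes by pgrp (members of one pipeline/job) and by
# sid (members of one login session) using the /proc/<pid>/stat layout:
#   pid (comm) state ppid pgrp session tty_nr tpgid ...
# comm may contain spaces or parentheses, so split on the LAST ')'.
from collections import defaultdict

def parse_stat(line):
    """Return pid, comm, ppid, pgrp and sid from one /proc/<pid>/stat line."""
    lparen = line.index("(")
    rparen = line.rindex(")")
    pid = int(line[:lparen].strip())
    comm = line[lparen + 1:rparen]
    rest = line[rparen + 2:].split()   # rest[0]=state rest[1]=ppid rest[2]=pgrp rest[3]=session
    return {"pid": pid, "comm": comm, "ppid": int(rest[1]),
            "pgrp": int(rest[2]), "sid": int(rest[3])}

def group_processes(lines):
    """Map pgrp -> [pids] and sid -> [pids] for a list of stat lines."""
    by_pgrp, by_sid = defaultdict(list), defaultdict(list)
    for line in lines:
        p = parse_stat(line)
        by_pgrp[p["pgrp"]].append(p["pid"])
        by_sid[p["sid"]].append(p["pid"])
    return dict(by_pgrp), dict(by_sid)

def pipeline_members(lines, pid):
    """Pids sharing a process group with `pid`, e.g. both halves of `ps -ef | grep bash`."""
    procs = [parse_stat(l) for l in lines]
    target = next(p for p in procs if p["pid"] == pid)
    return [p["pid"] for p in procs if p["pgrp"] == target["pgrp"]]

# Constructed sample: login shell 1000 (session leader, sid 1000) runs the job
# `ps -ef | grep bash`; both pipeline members get pgrp 1200 (pid of the first one).
SAMPLE = [
    "1000 (bash) S 999 1000 1000 34816 1200 4194560 ...",
    "1200 (ps) R 1000 1200 1000 34816 1200 4194304 ...",
    "1201 (grep) S 1000 1200 1000 34816 1200 4194304 ...",
    "1300 (sshd: user [priv]) S 1 1300 1300 0 -1 4194560 ...",  # comm with spaces
]

if __name__ == "__main__":
    by_pgrp, by_sid = group_processes(SAMPLE)
    print("by pgrp:", by_pgrp)          # {1000: [1000], 1200: [1200, 1201], 1300: [1300]}
    print("by sid :", by_sid)           # {1000: [1000, 1200, 1201], 1300: [1300]}
    print("pipeline of 1201:", pipeline_members(SAMPLE, 1201))  # [1200, 1201]
```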
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.