BSM Solaris - question of return value

Post by Jerome Allar » Fri, 17 Sep 1999 04:00:00



Hello,

I am working on BSM trail analysis.
I can't manage to get the return value of a program (or a unix command).

After a process is executed I have in my file :
- event AUE_EXECVE [
                       * header : ...
                       * path : <prog>
                       * attribute: ...
                       * subject : ...<pid>...
                       * return : success,0 ]
....
- event AUE_EXIT [
                       * header : ...
                       * subject : ...<pid>...
                       * return : success,0 ]
....
Whatever the return value of my program is.
For instance with a C program essai of the form :
            ...
            int main(void) {
                ...
                exit(2);
            }
With a shell :
            % echo $?
I have 2. But in my log file I still have return : success,0.

Is it possible (and how?) to get this return value from my log file ?

                    Thanks.

                                GG

I am doing BSM log analysis and I cannot retrieve the return
code of a program or a unix command that was launched

 
 
 

1. Default return value for when return() is not explicitly used on SC5.0

I wrote the routine below to test some code in one of our
applications. This snippet exactly mirrors what is happening in our
real code. It was compiled on a sun-4 ultra platform using SC5.0 under
Solaris 5.6. If I pass the integer value of 2 as the first argument
then control falls through the switch statement, and out of the
routine without explicitly returning any value. The compiler does not
report this as either a warning or an error. So far I have not been
unable to find anywhere in the documentation that specifies what the
return value from a routine will be if it is not explicitly given a
value to return. In my test, I wrote a short main to pass the values
(1,1), (1,2), and (2,1) to switchTest(int, int). The first 2 calls
returned the predictable results of TRUE and FALSE. The third call
also returned a FALSE, but that does not satisfy me that the return
value will always be FALSE.

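#include <stdio.h>

/* TRUE and FALSE are not defined in the post; assumed to map to the
   C++ bool literals. */
#define TRUE  true
#define FALSE false

bool switchTest(int num, int num2)
{
  switch(num) {
    case 1:
      switch(num2) {
      case 1:
        printf("CASE 1: Num = %d, Num2 = %d\n", num, num2);
        return(TRUE);
        break;  /* unreachable after return */
      default:
        printf("DEFAULT CASE: Num = %d, Num2 = %d\n", num, num2);
        return(FALSE);
      }
  }
  /* num != 1 falls through to here with no return statement,
     which is the case the post asks about. */
}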

Does anybody have the precise information on what the behaviour for
this compiler is defined to be for this situation?

Nick
