0.73, "August Penguin", released

New release, lots of goodies, including:

* Added sctrace, an experimental strace(1) compatible tool based on
the syscalltrack framework. 'sctrace command' or 'sctrace -p pid'
will load rules matching the given executable (or pid) for all
supported system calls and log their invocation to the log file (or
log device).

* Experimental logging device file, /dev/sct_log, and a utility to
control its behaviour, sct_logctrl. syscalltrack can now log system
call invocations either to syslog or directly to a device file. Note
that the format of information logged to the device file will change
in future versions (from text based to a binary protocol).

* Fixed a bug in the automatic code generated for system call stubs
for system calls which have a pointer parameter. This bug exists in
older syscalltrack versions and while it's harmless, users are still
encouraged to upgrade.

* Fixed a bug in the kernel module reference counting code when
deleting a single rule. This code path wasn't in use until
recently.

* Fixed wrong usage of size_t and other portability cleanups. Fixed
strstream/stringstream usage to work with gcc versions before 3 and
after 3.

* Support all of the IPC system calls (contributed by Gilad
Ben-Yossef).

* More new syscalls: execve, statfs, fstatfs, newstat, newlstat,
newfstat, getrusage, getgroups16, old_readdir and old_mmap.

* A proof-of-concept GUI tool, gtksct(1).

* New man pages, courtesy of Baruch Even for the Debian package of
syscalltrack.

Posted by Muli Ben-Yehuda 2002-08-01
