new goo for acct.h struct?

Kevin Johnson (kjj@primenet.com)
Mon, 24 Jun 1996 22:22:52 -0700


I'd like to bounce around an idea.

This has always bugged me, maybe it's bugged you...

Currently, the standard acct struct in acct.h doesn't include pid and
ppid. Considering that the structure was originally intended for process
accounting and chargebacks (and the like), this was understandable.

Adding these two fields seems like a lightweight way to get some
additional logging useful for security analysis without alot of work.

It looks like the only side-effect to adding these two fields is that
existing progs that use the struct to read acct files would need to be
recompiled.

Any comments?

Ideally, the ac_comm field should be replaced with something that
includes the command-line args, but I'll leave that discussion for
another day. ;-)

--
thx,
kjj