Potential Patch

[Darren J Moffat]

On Sat, 2004-07-24 at 09:35, Ben Lindstrom wrote:

> 10.3.x ships with BSM and looks to be compiled in by default, but is is
> not active on the OS/X desktop by default.  This may not be the case for
> OS/X Server version.

Thats very surprising to me, however I can't verify it since I don't
have acess to an OS/X system.

The BSM audit APIs were written by Sun and are very specific to Solaris
and the system calls that we have.  They were never part of any standard
or proposed standard.  I don't believe we (Sun) actually documented them
sufficiently enough for anyone to clone them just to use them, and even
then our docs are pretty poor/hard to use in this area.  The actual
audit events themselves and the data that gets recorded are sometimes
even specific to a given Solaris release.

I've looked in the Darwin CVS and they don't have the Solaris BSM audit
patch applied there. However I can't see any reason why Apple would add
that patch unless they had the support.

So are you really 100% sure that the sshd you were looking at was the
one that Apple shipped ?

-- 
Darren J Moffat