Date: Mon, 25 Aug 2008 01:45:41 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 148315 for review Message-ID: <200808250145.m7P1jfSs007754@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=148315 Change 148315 by rwatson@rwatson_freebsd_capabilities on 2008/08/25 01:45:26 Audit extended file descriptor information for cap_new(2) so that we see information on the underlying object a capability is created for in the audit trail. Right now the utility functions in audit_bsm.c doesn't properly capture all of this in the BSM trail, which needs to be fixed. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#20 edit .. //depot/projects/trustedbsd/capabilities/src/sys/security/audit/audit_bsm.c#6 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#20 (text+ko) ==== @@ -50,7 +50,7 @@ #include "opt_capabilities.h" #include <sys/cdefs.h> -__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#19 $"); +__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#20 $"); #include <sys/param.h> #include <sys/capability.h> @@ -246,6 +246,8 @@ if (error) goto fail; + AUDIT_ARG(file, td->td_proc, fp); + /* * If a new capability is being derived from an existing capability, * then the new capability rights must be a subset of the existing ==== //depot/projects/trustedbsd/capabilities/src/sys/security/audit/audit_bsm.c#6 (text) ==== @@ -1423,10 +1423,10 @@ break; case AUE_CAP_NEW: - if (ARG_IS_VALID(kar, ARG_FD)) { - tok = au_to_arg32(1, "fd", ar->ar_arg_fd); - kau_write(rec, tok); - } + /* + * XXXRW: Would be nice to audit socket/etc information also. + */ + FD_VNODE1_TOKENS; if (ARG_IS_VALID(kar, ARG_RIGHTS)) { tok = au_to_arg64(2, "rights", ar->ar_arg_rights); kau_write(rec, tok);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200808250145.m7P1jfSs007754>