Date: Mon, 17 Oct 2005 11:31:07 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 85424 for review Message-ID: <200510171131.j9HBV7o9053582@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=85424 Change 85424 by rwatson@rwatson_zoo on 2005/10/17 11:30:43 Minor white space tweaks. Annotate a minor multi-threading race, in which one thread can give up privilege while another thread modifies audit state, resulting in a possibly inconsistent condition. This may not be significant. Affected files ... .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_syscalls.c#4 edit Differences ... ==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_syscalls.c#4 (text+ko) ==== @@ -174,6 +174,7 @@ if (audit_panic_on_write_fail) udata.au_policy |= AUDIT_AHLT; break; + case A_SETPOLICY: if (udata.au_policy & ~(AUDIT_CNT|AUDIT_AHLT)) return (EINVAL); @@ -183,15 +184,19 @@ audit_fail_stop = ((udata.au_policy & AUDIT_CNT) == 0); audit_panic_on_write_fail = (udata.au_policy & AUDIT_AHLT); break; + case A_GETKMASK: udata.au_mask = audit_nae_mask; break; + case A_SETKMASK: audit_nae_mask = udata.au_mask; break; + case A_GETQCTRL: udata.au_qctrl = audit_qctrl; break; + case A_SETQCTRL: if ((udata.au_qctrl.aq_hiwater > AQ_MAXHIGH) || (udata.au_qctrl.aq_lowater >= udata.au_qctrl.aq_hiwater) || @@ -204,30 +209,38 @@ /* XXX The queue delay value isn't used with the kernel. */ audit_qctrl.aq_delay = -1; break; + case A_GETCWD: return (ENOSYS); break; + case A_GETCAR: return (ENOSYS); break; + case A_GETSTAT: return (ENOSYS); break; + case A_SETSTAT: return (ENOSYS); break; + case A_SETUMASK: return (ENOSYS); break; + case A_SETSMASK: return (ENOSYS); break; + case A_GETCOND: if (audit_enabled && !audit_suspended) udata.au_cond = AUC_AUDITING; else udata.au_cond = AUC_NOAUDIT; break; + case A_SETCOND: if (udata.au_cond == AUC_NOAUDIT) audit_suspended = 1; @@ -238,14 +251,17 @@ audit_shutdown(NULL, 0); } break; + case A_GETCLASS: udata.au_evclass.ec_class = au_event_class(udata.au_evclass.ec_number); break; + case A_SETCLASS: au_evclassmap_insert(udata.au_evclass.ec_number, udata.au_evclass.ec_class); break; + case A_GETPINFO: if (udata.au_aupinfo.ap_pid < 1) return (EINVAL); @@ -266,6 +282,7 @@ udata.au_aupinfo.ap_asid = tp->p_au->ai_asid; PROC_UNLOCK(tp); break; + case A_SETPMASK: if (udata.au_aupinfo.ap_pid < 1) return (EINVAL); @@ -280,25 +297,31 @@ udata.au_aupinfo.ap_mask.am_failure; PROC_UNLOCK(tp); break; + case A_SETFSIZE: if ((udata.au_fstat.af_filesz != 0) && (udata.au_fstat.af_filesz < MIN_AUDIT_FILE_SIZE)) return (EINVAL); audit_fstat.af_filesz = udata.au_fstat.af_filesz; break; + case A_GETFSIZE: udata.au_fstat.af_filesz = audit_fstat.af_filesz; udata.au_fstat.af_currsz = audit_fstat.af_currsz; break; + case A_GETPINFO_ADDR: return (ENOSYS); break; + case A_GETKAUDIT: return (ENOSYS); break; + case A_SETKAUDIT: return (ENOSYS); break; + case A_SENDTRIGGER: if ((udata.au_trigger < AUDIT_TRIGGER_MIN) || (udata.au_trigger > AUDIT_TRIGGER_MAX)) @@ -380,6 +403,8 @@ * XXXAUDIT: Might need locking to serialize audit events in the same * order as change events? Or maybe that's an under-solveable * problem. + * + * XXXRW: Test privilege while holding the proc lock? */ PROC_LOCK(td->td_proc); td->td_proc->p_au->ai_auid = id; @@ -428,6 +453,9 @@ audit_arg_auditinfo(&ai); + /* + * XXXRW: Test privilege while holding the proc lock? + */ PROC_LOCK(td->td_proc); *td->td_proc->p_au = ai; PROC_UNLOCK(td->td_proc); @@ -534,54 +562,63 @@ int audit(struct thread *td, struct audit_args *uap) { + return (ENOSYS); } int auditon(struct thread *td, struct auditon_args *uap) { + return (ENOSYS); } int getauid(struct thread *td, struct getauid_args *uap) { + return (ENOSYS); } int setauid(struct thread *td, struct setauid_args *uap) { + return (ENOSYS); } int getaudit(struct thread *td, struct getaudit_args *uap) { + return (ENOSYS); } int setaudit(struct thread *td, struct setaudit_args *uap) { + return (ENOSYS); } int getaudit_addr(struct thread *td, struct getaudit_addr_args *uap) { + return (ENOSYS); } int setaudit_addr(struct thread *td, struct setaudit_addr_args *uap) { + return (ENOSYS); } int auditctl(struct thread *td, struct auditctl_args *uap) { + return (ENOSYS); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200510171131.j9HBV7o9053582>