Date:      Tue, 1 Dec 2020 19:34:46 +0000 (UTC)
From:      Gordon Tetlow <gordon@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org
Subject:   svn commit: r368249 - in releng: 12.1/sys/amd64/linux 12.1/sys/amd64/linux32 12.1/sys/arm64/linux 12.1/sys/compat/freebsd32 12.1/sys/i386/linux 12.1/sys/kern 12.2/sys/amd64/linux 12.2/sys/amd64/lin...
Message-ID:  <202012011934.0B1JYkm7003800@repo.freebsd.org>

Author: gordon
Date: Tue Dec  1 19:34:45 2020
New Revision: 368249
URL: https://svnweb.freebsd.org/changeset/base/368249

Log:
  Fix execve/fexecve system call auditing.
  
  Approved by:	so
  Security:	FreeBSD-EN-20:19.audit

Modified:
  releng/12.1/sys/amd64/linux/linux_machdep.c
  releng/12.1/sys/amd64/linux32/linux32_machdep.c
  releng/12.1/sys/arm64/linux/linux_machdep.c
  releng/12.1/sys/compat/freebsd32/freebsd32_misc.c
  releng/12.1/sys/i386/linux/linux_machdep.c
  releng/12.1/sys/kern/kern_exec.c
  releng/12.1/sys/kern/subr_syscall.c
  releng/12.2/sys/amd64/linux/linux_machdep.c
  releng/12.2/sys/amd64/linux32/linux32_machdep.c
  releng/12.2/sys/arm64/linux/linux_machdep.c
  releng/12.2/sys/compat/freebsd32/freebsd32_misc.c
  releng/12.2/sys/i386/linux/linux_machdep.c
  releng/12.2/sys/kern/kern_exec.c
  releng/12.2/sys/kern/subr_syscall.c

Modified: releng/12.1/sys/amd64/linux/linux_machdep.c
==============================================================================
--- releng/12.1/sys/amd64/linux/linux_machdep.c	Tue Dec  1 19:34:44 2020	(r368248)
+++ releng/12.1/sys/amd64/linux/linux_machdep.c	Tue Dec  1 19:34:45 2020	(r368249)
@@ -81,6 +81,8 @@ __FBSDID("$FreeBSD$");
 #include <x86/ifunc.h>
 #include <x86/sysarch.h>
 
+#include <security/audit/audit.h>
+
 #include <amd64/linux/linux.h>
 #include <amd64/linux/linux_proto.h>
 #include <compat/linux/linux_emul.h>
@@ -107,6 +109,7 @@ linux_execve(struct thread *td, struct linux_execve_ar
 	free(path, M_TEMP);
 	if (error == 0)
 		error = linux_common_execve(td, &eargs);
+	AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
 	return (error);
 }
 
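Review bot: The added `AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);` before `return (error);` has no comment explaining why EJUSTRETURN is audited as 0 while the function still returns it unchanged. The same expression is copied verbatim into every other exec entry point in this commit: the remaining linux_execve hunks, freebsd32_execve/freebsd32_fexecve, and sys_execve/sys_fexecve/sys___mac_execve, on both releng/12.1 and releng/12.2. Presumably EJUSTRETURN is what a successful exec hands back, so without the mapping a successful exec would be recorded as a failure; a one-line comment such as `/* A successful exec returns EJUSTRETURN; record it as success in the audit trail. */` would make that explicit. Putting the mapping in one shared macro (the name is only a suggestion), e.g. `#define AUDIT_EXEC_EXIT(error, td) AUDIT_SYSCALL_EXIT((error) == EJUSTRETURN ? 0 : (error), (td))`, would keep a future exec variant from omitting it or diverging. linux_execve starts outside this hunk, so any early return above these lines is not visible here.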

Modified: releng/12.1/sys/amd64/linux32/linux32_machdep.c
==============================================================================
--- releng/12.1/sys/amd64/linux32/linux32_machdep.c	Tue Dec  1 19:34:44 2020	(r368248)
+++ releng/12.1/sys/amd64/linux32/linux32_machdep.c	Tue Dec  1 19:34:45 2020	(r368249)
@@ -69,6 +69,8 @@ __FBSDID("$FreeBSD$");
 #include <vm/vm.h>
 #include <vm/vm_map.h>
 
+#include <security/audit/audit.h>
+
 #include <compat/freebsd32/freebsd32_util.h>
 #include <amd64/linux32/linux.h>
 #include <amd64/linux32/linux32_proto.h>
@@ -143,6 +145,7 @@ linux_execve(struct thread *td, struct linux_execve_ar
 	free(path, M_TEMP);
 	if (error == 0)
 		error = linux_common_execve(td, &eargs);
+	AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
 	return (error);
 }
 

Modified: releng/12.1/sys/arm64/linux/linux_machdep.c
==============================================================================
--- releng/12.1/sys/arm64/linux/linux_machdep.c	Tue Dec  1 19:34:44 2020	(r368248)
+++ releng/12.1/sys/arm64/linux/linux_machdep.c	Tue Dec  1 19:34:45 2020	(r368249)
@@ -38,6 +38,8 @@ __FBSDID("$FreeBSD$");
 #include <sys/proc.h>
 #include <sys/sdt.h>
 
+#include <security/audit/audit.h>
+
 #include <arm64/linux/linux.h>
 #include <arm64/linux/linux_proto.h>
 #include <compat/linux/linux_dtrace.h>
@@ -74,6 +76,7 @@ linux_execve(struct thread *td, struct linux_execve_ar
 	free(path, M_TEMP);
 	if (error == 0)
 		error = linux_common_execve(td, &eargs);
+	AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
 	return (error);
 }
 

Modified: releng/12.1/sys/compat/freebsd32/freebsd32_misc.c
==============================================================================
--- releng/12.1/sys/compat/freebsd32/freebsd32_misc.c	Tue Dec  1 19:34:44 2020	(r368248)
+++ releng/12.1/sys/compat/freebsd32/freebsd32_misc.c	Tue Dec  1 19:34:45 2020	(r368249)
@@ -440,6 +440,7 @@ freebsd32_execve(struct thread *td, struct freebsd32_e
 	if (error == 0)
 		error = kern_execve(td, &eargs, NULL);
 	post_execve(td, error, oldvmspace);
+	AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
 	return (error);
 }
 
@@ -460,6 +461,7 @@ freebsd32_fexecve(struct thread *td, struct freebsd32_
 		error = kern_execve(td, &eargs, NULL);
 	}
 	post_execve(td, error, oldvmspace);
+	AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
 	return (error);
 }
 

Modified: releng/12.1/sys/i386/linux/linux_machdep.c
==============================================================================
--- releng/12.1/sys/i386/linux/linux_machdep.c	Tue Dec  1 19:34:44 2020	(r368248)
+++ releng/12.1/sys/i386/linux/linux_machdep.c	Tue Dec  1 19:34:45 2020	(r368249)
@@ -61,6 +61,8 @@ __FBSDID("$FreeBSD$");
 #include <vm/vm.h>
 #include <vm/vm_map.h>
 
+#include <security/audit/audit.h>
+
 #include <i386/linux/linux.h>
 #include <i386/linux/linux_proto.h>
 #include <compat/linux/linux_emul.h>
@@ -116,6 +118,7 @@ linux_execve(struct thread *td, struct linux_execve_ar
 	free(newpath, M_TEMP);
 	if (error == 0)
 		error = linux_common_execve(td, &eargs);
+	AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
 	return (error);
 }
 

Modified: releng/12.1/sys/kern/kern_exec.c
==============================================================================
--- releng/12.1/sys/kern/kern_exec.c	Tue Dec  1 19:34:44 2020	(r368248)
+++ releng/12.1/sys/kern/kern_exec.c	Tue Dec  1 19:34:45 2020	(r368249)
@@ -224,6 +224,7 @@ sys_execve(struct thread *td, struct execve_args *uap)
 	if (error == 0)
 		error = kern_execve(td, &args, NULL);
 	post_execve(td, error, oldvmspace);
+	AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
 	return (error);
 }
 
@@ -251,6 +252,7 @@ sys_fexecve(struct thread *td, struct fexecve_args *ua
 		error = kern_execve(td, &args, NULL);
 	}
 	post_execve(td, error, oldvmspace);
+	AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
 	return (error);
 }
 
@@ -279,6 +281,7 @@ sys___mac_execve(struct thread *td, struct __mac_execv
 	if (error == 0)
 		error = kern_execve(td, &args, uap->mac_p);
 	post_execve(td, error, oldvmspace);
+	AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
 	return (error);
 #else
 	return (ENOSYS);

Modified: releng/12.1/sys/kern/subr_syscall.c
==============================================================================
--- releng/12.1/sys/kern/subr_syscall.c	Tue Dec  1 19:34:44 2020	(r368248)
+++ releng/12.1/sys/kern/subr_syscall.c	Tue Dec  1 19:34:45 2020	(r368249)
@@ -133,6 +133,16 @@ syscallenter(struct thread *td)
 
 		AUDIT_SYSCALL_ENTER(sa->code, td);
 		error = (sa->callp->sy_call)(td, sa->args);
+
+		/*
+		 * Note that some syscall implementations (e.g., sys_execve)
+		 * will commit the audit record just before their final return.
+		 * These were done under the assumption that nothing of interest
+		 * would happen between their return and here, where we would
+		 * normally commit the audit record.  These assumptions will
+		 * need to be revisited should any substantial logic be added
+		 * above.
+		 */
 		AUDIT_SYSCALL_EXIT(error, td);
 
 		/* Save the latest error return value. */
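Review bot: The new comment above `AUDIT_SYSCALL_EXIT(error, td);` says some handlers commit the audit record early, but not why, and not what this call then does for those handlers. A reader cannot tell whether the second call is meant to be a no-op once the record is committed. That appears to be the intent and is worth stating, e.g. `* For those syscalls the call below is expected to find no pending record and do nothing.`, after confirming it against audit_syscall_exit(), which is not shown here. The closing "above" is also ambiguous; `between the sy_call return and this point` names the window the assumption covers, which matters because anything auditable added there would be missing from exec records. The same comment is added in the releng/12.2 hunk of this file, and syscallenter continues outside both hunks.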

Modified: releng/12.2/sys/amd64/linux/linux_machdep.c
==============================================================================
--- releng/12.2/sys/amd64/linux/linux_machdep.c	Tue Dec  1 19:34:44 2020	(r368248)
+++ releng/12.2/sys/amd64/linux/linux_machdep.c	Tue Dec  1 19:34:45 2020	(r368249)
@@ -81,6 +81,8 @@ __FBSDID("$FreeBSD$");
 #include <x86/ifunc.h>
 #include <x86/sysarch.h>
 
+#include <security/audit/audit.h>
+
 #include <amd64/linux/linux.h>
 #include <amd64/linux/linux_proto.h>
 #include <compat/linux/linux_emul.h>
@@ -107,6 +109,7 @@ linux_execve(struct thread *td, struct linux_execve_ar
 	free(path, M_TEMP);
 	if (error == 0)
 		error = linux_common_execve(td, &eargs);
+	AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
 	return (error);
 }
 

Modified: releng/12.2/sys/amd64/linux32/linux32_machdep.c
==============================================================================
--- releng/12.2/sys/amd64/linux32/linux32_machdep.c	Tue Dec  1 19:34:44 2020	(r368248)
+++ releng/12.2/sys/amd64/linux32/linux32_machdep.c	Tue Dec  1 19:34:45 2020	(r368249)
@@ -69,6 +69,8 @@ __FBSDID("$FreeBSD$");
 #include <vm/vm.h>
 #include <vm/vm_map.h>
 
+#include <security/audit/audit.h>
+
 #include <compat/freebsd32/freebsd32_util.h>
 #include <amd64/linux32/linux.h>
 #include <amd64/linux32/linux32_proto.h>
@@ -138,6 +140,7 @@ linux_execve(struct thread *td, struct linux_execve_ar
 	free(path, M_TEMP);
 	if (error == 0)
 		error = linux_common_execve(td, &eargs);
+	AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
 	return (error);
 }
 

Modified: releng/12.2/sys/arm64/linux/linux_machdep.c
==============================================================================
--- releng/12.2/sys/arm64/linux/linux_machdep.c	Tue Dec  1 19:34:44 2020	(r368248)
+++ releng/12.2/sys/arm64/linux/linux_machdep.c	Tue Dec  1 19:34:45 2020	(r368249)
@@ -38,6 +38,8 @@ __FBSDID("$FreeBSD$");
 #include <sys/proc.h>
 #include <sys/sdt.h>
 
+#include <security/audit/audit.h>
+
 #include <arm64/linux/linux.h>
 #include <arm64/linux/linux_proto.h>
 #include <compat/linux/linux_dtrace.h>
@@ -74,6 +76,7 @@ linux_execve(struct thread *td, struct linux_execve_ar
 	free(path, M_TEMP);
 	if (error == 0)
 		error = linux_common_execve(td, &eargs);
+	AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
 	return (error);
 }
 

Modified: releng/12.2/sys/compat/freebsd32/freebsd32_misc.c
==============================================================================
--- releng/12.2/sys/compat/freebsd32/freebsd32_misc.c	Tue Dec  1 19:34:44 2020	(r368248)
+++ releng/12.2/sys/compat/freebsd32/freebsd32_misc.c	Tue Dec  1 19:34:45 2020	(r368249)
@@ -440,6 +440,7 @@ freebsd32_execve(struct thread *td, struct freebsd32_e
 	if (error == 0)
 		error = kern_execve(td, &eargs, NULL);
 	post_execve(td, error, oldvmspace);
+	AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
 	return (error);
 }
 
@@ -460,6 +461,7 @@ freebsd32_fexecve(struct thread *td, struct freebsd32_
 		error = kern_execve(td, &eargs, NULL);
 	}
 	post_execve(td, error, oldvmspace);
+	AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
 	return (error);
 }
 

Modified: releng/12.2/sys/i386/linux/linux_machdep.c
==============================================================================
--- releng/12.2/sys/i386/linux/linux_machdep.c	Tue Dec  1 19:34:44 2020	(r368248)
+++ releng/12.2/sys/i386/linux/linux_machdep.c	Tue Dec  1 19:34:45 2020	(r368249)
@@ -61,6 +61,8 @@ __FBSDID("$FreeBSD$");
 #include <vm/vm.h>
 #include <vm/vm_map.h>
 
+#include <security/audit/audit.h>
+
 #include <i386/linux/linux.h>
 #include <i386/linux/linux_proto.h>
 #include <compat/linux/linux_emul.h>
@@ -111,6 +113,7 @@ linux_execve(struct thread *td, struct linux_execve_ar
 	free(newpath, M_TEMP);
 	if (error == 0)
 		error = linux_common_execve(td, &eargs);
+	AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
 	return (error);
 }
 

Modified: releng/12.2/sys/kern/kern_exec.c
==============================================================================
--- releng/12.2/sys/kern/kern_exec.c	Tue Dec  1 19:34:44 2020	(r368248)
+++ releng/12.2/sys/kern/kern_exec.c	Tue Dec  1 19:34:45 2020	(r368249)
@@ -224,6 +224,7 @@ sys_execve(struct thread *td, struct execve_args *uap)
 	if (error == 0)
 		error = kern_execve(td, &args, NULL);
 	post_execve(td, error, oldvmspace);
+	AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
 	return (error);
 }
 
@@ -251,6 +252,7 @@ sys_fexecve(struct thread *td, struct fexecve_args *ua
 		error = kern_execve(td, &args, NULL);
 	}
 	post_execve(td, error, oldvmspace);
+	AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
 	return (error);
 }
 
@@ -279,6 +281,7 @@ sys___mac_execve(struct thread *td, struct __mac_execv
 	if (error == 0)
 		error = kern_execve(td, &args, uap->mac_p);
 	post_execve(td, error, oldvmspace);
+	AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
 	return (error);
 #else
 	return (ENOSYS);

Modified: releng/12.2/sys/kern/subr_syscall.c
==============================================================================
--- releng/12.2/sys/kern/subr_syscall.c	Tue Dec  1 19:34:44 2020	(r368248)
+++ releng/12.2/sys/kern/subr_syscall.c	Tue Dec  1 19:34:45 2020	(r368249)
@@ -142,6 +142,16 @@ syscallenter(struct thread *td)
 
 	AUDIT_SYSCALL_ENTER(sa->code, td);
 	error = (sa->callp->sy_call)(td, sa->args);
+
+	/*
+	 * Note that some syscall implementations (e.g., sys_execve)
+	 * will commit the audit record just before their final return.
+	 * These were done under the assumption that nothing of interest
+	 * would happen between their return and here, where we would
+	 * normally commit the audit record.  These assumptions will
+	 * need to be revisited should any substantial logic be added
+	 * above.
+	 */
 	AUDIT_SYSCALL_EXIT(error, td);
 
 	/* Save the latest error return value. */


