Date: Sun, 10 Jul 2016 08:04:02 +0000 (UTC)
From: Robert Watson <rwatson@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r302514 - in head/sys: kern vm
Message-ID: <201607100804.u6A842gr045943@repo.freebsd.org>
Author: rwatson
Date: Sun Jul 10 08:04:02 2016
New Revision: 302514
URL: https://svnweb.freebsd.org/changeset/base/302514

Log:
  Audit file-descriptor arguments to I/O system calls such as read(2),
  write(2), dup(2), and mmap(2). This auditing is not required by the
  Common Criteria (and hence was not being performed), but is valuable in
  both contemporary live analysis and forensic use cases.

  MFC after:	3 days
  Sponsored by:	DARPA, AFRL

Modified:
  head/sys/kern/kern_descrip.c
  head/sys/kern/sys_generic.c
  head/sys/vm/vm_mmap.c

Modified: head/sys/kern/kern_descrip.c ============================================================================== --- head/sys/kern/kern_descrip.c Sun Jul 10 04:33:16 2016 (r302513) +++ head/sys/kern/kern_descrip.c Sun Jul 10 08:04:02 2016 (r302514) @@ -820,6 +820,9 @@ kern_dup(struct thread *td, u_int mode, MPASS((flags & ~(FDDUP_FLAG_CLOEXEC)) == 0); MPASS(mode < FDDUP_LASTMODE); + AUDIT_ARG_FD(old); + /* XXXRW: if (flags & FDDUP_FIXED) AUDIT_ARG_FD2(new); */ + /* * Verify we have a valid descriptor to dup from and possibly to * dup to. Unlike dup() and dup2(), fcntl()'s F_DUPFD should Modified: head/sys/kern/sys_generic.c ============================================================================== --- head/sys/kern/sys_generic.c Sun Jul 10 04:33:16 2016 (r302513) +++ head/sys/kern/sys_generic.c Sun Jul 10 08:04:02 2016 (r302514) @@ -363,6 +363,8 @@ dofileread(td, fd, fp, auio, offset, fla struct uio *ktruio = NULL; #endif + AUDIT_ARG_FD(fd); + /* Finish zero length reads right here */ if (auio->uio_resid == 0) { td->td_retval[0] = 0; 
@@ -576,6 +578,7 @@ dofilewrite(td, fd, fp, auio, offset, fl struct uio *ktruio = NULL; #endif + AUDIT_ARG_FD(fd); auio->uio_rw = UIO_WRITE; auio->uio_td = td; auio->uio_offset = offset; Modified: head/sys/vm/vm_mmap.c ============================================================================== --- head/sys/vm/vm_mmap.c Sun Jul 10 04:33:16 2016 (r302513) +++ head/sys/vm/vm_mmap.c Sun Jul 10 08:04:02 2016 (r302514) @@ -74,6 +74,7 @@ __FBSDID("$FreeBSD$"); #include <sys/sysent.h> #include <sys/vmmeter.h> +#include <security/audit/audit.h> #include <security/mac/mac_framework.h> #include <vm/vm.h> @@ -206,6 +207,7 @@ sys_mmap(td, uap) pos = uap->pos; fp = NULL; + AUDIT_ARG_FD(uap->fd); /* * Ignore old flags that used to be defined but did not do anything.
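Review bot: in the kern_dup() hunk the destination descriptor is left unaudited: only `AUDIT_ARG_FD(old)` is live, and the `XXXRW` line that would record `new` is commented out, so a dup2()-style call (the fixed-target case) produces a record that names the source fd but not the descriptor it overwrites, which is the more interesting value for forensics. If the second argument is to be recorded, note that the two MPASS() lines just above constrain `flags` to FDDUP_FLAG_CLOEXEC and `mode` to values below FDDUP_LASTMODE, so FDDUP_FIXED reads as a mode rather than a flag and the condition would need to be `mode == FDDUP_FIXED`, not `flags & FDDUP_FIXED`. Either finish that or turn the comment into an explicit statement of the gap. Recording `old` before the validity check is the right choice: the record then carries the requested descriptor even when the call fails with EBADF.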
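Review bot: in the dofileread() hunk the `AUDIT_ARG_FD(fd)` sits after the descriptor has already been resolved, since `fp` arrives as a parameter of dofileread(), so a read on an invalid descriptor fails in the caller's lookup and never reaches this line; such failed reads will carry no fd argument in their audit record, unlike the kern_dup() case where the argument is recorded before validation. If failed-read records matter for the forensic use case named in the log, the call belongs in each caller before its lookup (or that limitation should be stated). Placing it ahead of the zero-length early return is correct, so zero-length reads are still attributed to a descriptor.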
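Review bot: in the dofilewrite() hunk the same caveat applies as for dofileread(): `fp` is already resolved when this function is entered, so writes to an invalid descriptor are never audited with their fd. Style nit: the dofileread() hunk puts a blank line after `AUDIT_ARG_FD(fd);`, whereas here it runs straight into `auio->uio_rw = UIO_WRITE;`; make the two consistent.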
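Review bot: in the sys_mmap() hunk `AUDIT_ARG_FD(uap->fd)` is recorded before the flags are examined, so anonymous mappings, where callers conventionally pass -1 rather than a descriptor, will have that value logged as an fd argument. Either guard the call on the mapping being file-backed or accept -1 in the record deliberately; in the latter case a short comment saying so would keep a future reader from treating it as a bug. The new `#include <security/audit/audit.h>` is placed alphabetically ahead of the mac_framework.h include, which matches the surrounding style.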