Date: Tue, 21 Feb 2006 04:09:10 GMT From: "Christian S.J. Peron" <csjp@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 92109 for review Message-ID: <200602210409.k1L49AOj083028@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=92109 Change 92109 by csjp@csjp_xor on 2006/02/21 04:09:03 CAPP says that failing to audit an auditable event should result in the event not happening. So, if auditing any of these events fails, terminate the process all together. Also, do not ignore au_write failures. This change needs to be made in the login(1) too. Affected files ... .. //depot/projects/trustedbsd/audit3/usr.bin/su/su.c#11 edit Differences ... ==== //depot/projects/trustedbsd/audit3/usr.bin/su/su.c#11 (text+ko) ==== @@ -650,13 +650,13 @@ return; syslog(LOG_AUTH | LOG_ERR, "audit: auditon failed: %s", strerror(errno)); - return; + errx(1, "Permission denied"); } afd = au_open(); if (afd < 0) { syslog(LOG_AUTH | LOG_ERR, "audit: au_open failed: %s", strerror(errno)); - return; + errx(1, "Permission denied"); } /* XXX what should we do for termid? */ bzero(&termid, sizeof(termid)); @@ -666,10 +666,13 @@ if (token == NULL) { syslog(LOG_AUTH | LOG_ERR, "audit: unable to build subject token"); - return; + errx(1, "Permission denied"); + } + if (au_write(afd, token) < 0) { + syslog(LOG_AUTH | LOG_ERR, + "audit: au_write failed: %s", strerror(errno)); + errx(1, "Permission denied"); } - /* XXX what if au_fails? */ - (void) au_write(afd, token); if (fmt != NULL) { va_start(ap, fmt); (void) vsnprintf(&text[0], sizeof(text) - 1, fmt, ap); @@ -678,9 +681,13 @@ if (token == NULL) { syslog(LOG_AUTH | LOG_ERR, "audit: failed to generate text token"); - return; + errx(1, "Permission denied"); + } + if (au_write(afd, token) < 0) { + syslog(LOG_AUTH | LOG_ERR, + "audit: au_write failed: %s", strerror(errno)); + errx(1, "Permission denied"); } - (void) au_write(afd, token); } switch (what) { case AUDIT_SU_FAILURE: @@ -693,10 +700,16 @@ if (token == NULL) { syslog(LOG_AUTH | LOG_ERR, "audit: enable to build return token"); - return; + errx(1, "Permission denied"); + } + if (au_write(afd, token) < 0) { + syslog(LOG_AUTH | LOG_ERR, + "audit: au_write failed: %s", strerror(errno)); + errx(1, "Permission denied"); } - (void) au_write(afd, token); - if (au_close(afd, 1, AUE_su) < 0) + if (au_close(afd, 1, AUE_su) < 0) { syslog(LOG_AUTH | LOG_ERR, "audit: record not committed"); + errx(1, "Permission denied"); + } } #endif
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200602210409.k1L49AOj083028>