Message-ID: <46985815.3060308@os2.kiev.ua>
Date: Sat, 14 Jul 2007 07:59:01 +0300
From: Alex Samorukov
To: freebsd-security@freebsd.org
Subject: OpenBSM questions

Hello

I have some issues with OpenBSM which I cannot resolve, so I decided to ask here.

1) I found some bugs in the auditreduce utility and created a patch for it - http://www.freebsd.org/cgi/query-pr.cgi?pr=114534. Please, someone from the FreeBSD team - take it, I think it's better to fix this before the next release.

2) I found that when I'm using XDM as the login manager with OpenBSM, all my audit events come with subject -1, and because of this I can't filter them with the audit_user policy. When I'm using the console "login", everything works as designed and I get the logged-in user in the subject. I think that xdm must be patched to support audit; I found audit code in the login sources. Maybe someone has already made such patches?

3) All services running from rc scripts also use "-1" as their subject. How can I change the subject for such programs? E.g. mysql works with the mysql uid/gid and I want to create a special policy for mysql in the audit_user file, but the "subject" of such events is always "-1", so I can't do this.

P.S. I'm using FreeBSD-STABLE.