Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 22 Nov 2016 00:41:25 +0000 (UTC)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r308947 - in head/sys: kern security/audit
Message-ID:  <201611220041.uAM0fP4n043070@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: rwatson
Date: Tue Nov 22 00:41:24 2016
New Revision: 308947
URL: https://svnweb.freebsd.org/changeset/base/308947

Log:
  Audit 'fd' and 'cmd' arguments to fcntl(2), and when generating BSM,
  always audit the file-descriptor number and vnode information for all
  fnctl(2) commands, not just locking-related ones.  This was likely an
  oversight in the original adaptation of this code from XNU.
  
  MFC after:	3 days
  Sponsored by:	DARPA, AFRL

Modified:
  head/sys/kern/kern_descrip.c
  head/sys/security/audit/audit_bsm.c

Modified: head/sys/kern/kern_descrip.c
==============================================================================
--- head/sys/kern/kern_descrip.c	Tue Nov 22 00:27:19 2016	(r308946)
+++ head/sys/kern/kern_descrip.c	Tue Nov 22 00:41:24 2016	(r308947)
@@ -495,6 +495,8 @@ kern_fcntl(struct thread *td, int fd, in
 	p = td->td_proc;
 	fdp = p->p_fd;
 
+	AUDIT_ARG_FD(cmd);
+	AUDIT_ARG_CMD(cmd);
 	switch (cmd) {
 	case F_DUPFD:
 		tmp = arg;

Modified: head/sys/security/audit/audit_bsm.c
==============================================================================
--- head/sys/security/audit/audit_bsm.c	Tue Nov 22 00:27:19 2016	(r308946)
+++ head/sys/security/audit/audit_bsm.c	Tue Nov 22 00:41:24 2016	(r308947)
@@ -979,10 +979,7 @@ kaudit_to_bsm(struct kaudit_record *kar,
 			    au_fcntl_cmd_to_bsm(ar->ar_arg_cmd));
 			kau_write(rec, tok);
 		}
-		if (ar->ar_arg_cmd == F_GETLK || ar->ar_arg_cmd == F_SETLK ||
-		    ar->ar_arg_cmd == F_SETLKW) {
-			FD_VNODE1_TOKENS;
-		}
+		FD_VNODE1_TOKENS;
 		break;
 
 	case AUE_FCHFLAGS:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201611220041.uAM0fP4n043070>