Date: Sat, 17 Apr 1999 03:19:26 +1000 From: Bruce Evans <bde@zeta.org.au> To: bde@zeta.org.au, robert+freebsd@cyrus.watson.org Cc: freebsd-security@FreeBSD.ORG, phk@critter.freebsd.dk Subject: Re: POSIX.1E auditing support, an initial pass and some questions Message-ID: <199904161719.DAA22310@godzilla.zeta.org.au>
next in thread | raw e-mail | index | archive | help
>> >I think it is an old thing, conserving kernel memory. Indeed it may >> >not make sense today where the vfs-name-cache is so much more efficient. >> >Changing it may be a PITA. >> >> I think it's just centralisation. The pathname is copied in in one place >> instead of in 100's of syscall functions. > >So the problem now is that we need to do different things with these >strings in different places for the purpose of context-sensitive auditing. >What do you recommend as the best way to get that string back again from >namei()? I assume that ktrace just relies on the sequential execution of >the syscall and the ordering of the NAMEI entries in the ktrace is really >just the order the namei()'s happen to take place in the source. For >auditing, we require a well-defined and consistent order, even if sections >of the source change order for some reason. I can't think of anything better thn depending on the order. This should work OK for most syscalls since most syscalls don't do much before calling namei(), and only call it once. For the others, if you log what they are doing before namei() then you may want to log the path before calling namei(). Bruce To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199904161719.DAA22310>