Date: Sat, 21 Jan 2006 13:49:37 GMT From: Wayne Salamon <wsalamon@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 90076 for review Message-ID: <200601211349.k0LDnbJu082126@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=90076 Change 90076 by wsalamon@gretsch on 2006/01/21 13:48:47 Audit the monut() and unmount() system calls; nmount() still to come. For mount(), we copy in the user path explicitly for audit because there are many possible error exits before the path is normally copied in. Affected files ... .. //depot/projects/trustedbsd/audit3/sys/kern/vfs_mount.c#6 edit Differences ... ==== //depot/projects/trustedbsd/audit3/sys/kern/vfs_mount.c#6 (text+ko) ==== @@ -58,6 +58,8 @@ #include <sys/systm.h> #include <sys/vnode.h> +#include <security/audit/audit.h> + #include <geom/geom.h> #include <machine/stdarg.h> @@ -366,6 +368,11 @@ int error; u_int iovcnt; + /* XXXAUDIT Audit is not complete for nmount() yet; need to create + * a new audit event. + */ + AUDIT_ARG(fflags, uap->flags); + /* Kick out MNT_ROOTFS early as it is legal internally */ if (uap->flags & MNT_ROOTFS) return (EINVAL); @@ -488,7 +495,6 @@ error = EINVAL; goto bail; } - /* * Be ultra-paranoid about making sure the type and fspath * variables will fit in our mp buffers, including the @@ -536,6 +542,8 @@ struct mntarg *ma = NULL; int error; + AUDIT_ARG(fflags, uap->flags); + /* Kick out MNT_ROOTFS early as it is legal internally */ uap->flags &= ~MNT_ROOTFS; 
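Review bot: The `AUDIT_ARG(fflags, uap->flags);` call added at the top of the nmount() hunk (@@ -366,6 +368,11 @@) records the caller's raw flags before the MNT_ROOTFS test, and the same call in the mount() hunk (@@ -536,6 +542,8 @@) runs before `uap->flags &= ~MNT_ROOTFS;`, so the audit record holds what userland passed, not the flags the kernel goes on to use. That is a reasonable choice for an audit trail, but nothing says it is deliberate; a one-line comment such as `/* Audit the flags as supplied by the caller, before MNT_ROOTFS handling. */` above each call would keep a later cleanup from moving it below the masking. The XXXAUDIT comment would also help more if it named what is still unrecorded for nmount(); from this hunk it looks like the iovec options are not captured at all, so an nmount() record carries only the flags. Both function bodies start and end outside their hunks.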
@@ -545,11 +553,30 @@ fstype = malloc(MFSNAMELEN, M_TEMP, M_WAITOK); error = copyinstr(uap->type, fstype, MFSNAMELEN, NULL); if (!error) { + /* Audit the fstype here, even though it will be copied + * again later. But if an error is detected, it won't get + * copied later, so grab as much info as possible. + */ + AUDIT_ARG(text, fstype); mtx_lock(&Giant); /* XXX ? */ vfsp = vfs_byname_kld(fstype, td, &error); mtx_unlock(&Giant); } free(fstype, M_TEMP); + +#ifdef AUDIT + { + /* Even though it will get captured again during vnode lookup, + * capture the user-supplied path here because there are several + * error-out cases before the lookup, or the lookup may fail. + */ + char *pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK); + error = copyinstr(uap->path, pathbuf, MNAMELEN, NULL); + if (!error) + AUDIT_ARG(upath, td, pathbuf, ARG_UPATH1); + free(pathbuf, M_TEMP); + } +#endif if (error) return (error); if (vfsp == NULL) @@ -563,6 +590,12 @@ ma = mount_argb(ma, !(uap->flags & MNT_NOSUID), "nosuid"); ma = mount_argb(ma, !(uap->flags & MNT_NOEXEC), "noexec"); + /* Note that for auditing purposes, the we depend on the + * file system cmount function to call kernel_mount(), which + * calls vfs_donmount(), and that is where the user path and + * type information is copied into the kernel; only then can + * we capture the path information for auditing. + */ error = vfsp->vfc_vfsops->vfs_cmount(ma, uap->data, uap->flags, td); return (error); } @@ -620,7 +653,8 @@ /* * Get vnode to be covered */ - NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE, fspath, td); + NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_SYSSPACE, + fspath, td); if ((error = namei(&nd)) != 0) return (error); NDFREE(&nd, NDF_ONLY_PNBUF); @@ -845,6 +879,7 @@ free(pathbuf, M_TEMP); return (error); } + AUDIT_ARG(upath, td, pathbuf, ARG_UPATH1); if (uap->flags & MNT_BYFSID) { /* Decode the filesystem ID. */ if (sscanf(pathbuf, "FSID:%d:%d", &id0, &id1) != 2) { 
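Review bot: The audit-only `copyinstr(uap->path, pathbuf, MNAMELEN, NULL)` in the `#ifdef AUDIT` block assigns to `error`, which still holds the result of the fstype copyin and `vfs_byname_kld()`; a successful path copy resets it to 0, so the `if (error) return (error);` that follows no longer sees the earlier failure, while a failed path copy makes mount() return an error that a kernel built without AUDIT would not. Keep the audit copy in its own variable so auditing cannot change the syscall result: `int aerror = copyinstr(uap->path, pathbuf, MNAMELEN, NULL);` followed by `if (aerror == 0) AUDIT_ARG(upath, td, pathbuf, ARG_UPATH1);`. Separately, the path is fetched from user memory here and again later for the lookup, so the audited string is not guaranteed to be the one acted on; the new comment could say that this early capture is best-effort and that the record from the vnode lookup is the authoritative one. The function body starts and ends outside the hunk.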
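Review bot: `AUDIT_ARG(upath, td, pathbuf, ARG_UPATH1);` in the unmount() hunk (@@ -845,6 +879,7 @@) runs before the `MNT_BYFSID` test, and in that case `pathbuf` holds an `FSID:%d:%d` identifier, not a path. If the upath argument is resolved against the process's directory, as its name and the `td` argument suggest, the record would show a path that was never referenced. Consider moving the call to the non-FSID case and recording the identifier as text in the FSID branch, e.g. `AUDIT_ARG(text, pathbuf);`. The rest of the `if` statement is outside the hunk, so the exact placement needs checking against the full function.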
@@ -878,6 +913,21 @@ return ((uap->flags & MNT_BYFSID) ? ENOENT : EINVAL); } +#ifdef AUDIT + { + int vfslocked; + struct vnode *vp = mp->mnt_vnodecovered; + + if (vp != NULL) { + vfslocked = VFS_LOCK_GIANT(vp->v_mount); + vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); + AUDIT_ARG(vnode, vp, ARG_VNODE1); + VOP_UNLOCK(vp, 0, td); + VFS_UNLOCK_GIANT(vfslocked); + } + } +#endif + /* * Only privileged root, or (if MNT_USER is set) the user that did the * original mount is permitted to unmount this filesystem.
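Review bot: The `#ifdef AUDIT` block locks `mp->mnt_vnodecovered` with `vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td)` without taking a reference on the vnode first, and nothing visible in the hunk keeps `mp` or `vp` from going away if another thread unmounts the same file system at that moment. It also runs before the permission check that the following comment introduces, so any caller that can name a mount point makes the kernel take an exclusive lock on the covered vnode. I would hold a reference across the lock, `vref(vp);` before `vn_lock()` and `vput(vp);` in place of `VOP_UNLOCK(vp, 0, td);`, check the `vn_lock()` return value before auditing, and note in a comment why the capture is placed ahead of the privilege check (presumably so that denied attempts are recorded too). How `mp` is looked up and whether it is held is outside the hunk, so the race should be confirmed against the full function.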