Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 1 Jul 2009 16:56:56 +0000 (UTC)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r195247 - in head/sys: kern security/audit
Message-ID:  <200907011656.n61Guuii018456@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: rwatson
Date: Wed Jul  1 16:56:56 2009
New Revision: 195247
URL: http://svn.freebsd.org/changeset/base/195247

Log:
  When auditing unmount(2), capture FSID arguments as regular text strings
  rather than as paths, which would lead to them being treated as relative
  pathnames and hence confusingly converted into absolute pathnames.
  
  Capture flags to unmount(2) via an argument token.
  
  Approved by:	re (audit argument blanket)
  MFC after:	3 days

Modified:
  head/sys/kern/vfs_mount.c
  head/sys/security/audit/audit_bsm.c

Modified: head/sys/kern/vfs_mount.c
==============================================================================
--- head/sys/kern/vfs_mount.c	Wed Jul  1 16:42:03 2009	(r195246)
+++ head/sys/kern/vfs_mount.c	Wed Jul  1 16:56:56 2009	(r195247)
@@ -1113,6 +1113,7 @@ unmount(td, uap)
 	char *pathbuf;
 	int error, id0, id1;
 
+	AUDIT_ARG_VALUE(uap->flags);
 	if (jailed(td->td_ucred) || usermount == 0) {
 		error = priv_check(td, PRIV_VFS_UNMOUNT);
 		if (error)
@@ -1125,9 +1126,9 @@ unmount(td, uap)
 		free(pathbuf, M_TEMP);
 		return (error);
 	}
-	AUDIT_ARG_UPATH(td, pathbuf, ARG_UPATH1);
 	mtx_lock(&Giant);
 	if (uap->flags & MNT_BYFSID) {
+		AUDIT_ARG_TEXT(pathbuf);
 		/* Decode the filesystem ID. */
 		if (sscanf(pathbuf, "FSID:%d:%d", &id0, &id1) != 2) {
 			mtx_unlock(&Giant);
@@ -1143,6 +1144,7 @@ unmount(td, uap)
 		}
 		mtx_unlock(&mountlist_mtx);
 	} else {
+		AUDIT_ARG_UPATH(td, pathbuf, ARG_UPATH1);
 		mtx_lock(&mountlist_mtx);
 		TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) {
 			if (strcmp(mp->mnt_stat.f_mntonname, pathbuf) == 0)

Modified: head/sys/security/audit/audit_bsm.c
==============================================================================
--- head/sys/security/audit/audit_bsm.c	Wed Jul  1 16:42:03 2009	(r195246)
+++ head/sys/security/audit/audit_bsm.c	Wed Jul  1 16:56:56 2009	(r195247)
@@ -1070,7 +1070,15 @@ kaudit_to_bsm(struct kaudit_record *kar,
 		break;
 
 	case AUE_UMOUNT:
+		if (ARG_IS_VALID(kar, ARG_VALUE)) {
+			tok = au_to_arg32(1, "flags", ar->ar_arg_value);
+			kau_write(rec, tok);
+		}
 		UPATH1_VNODE1_TOKENS;
+		if (ARG_IS_VALID(kar, ARG_TEXT)) {
+			tok = au_to_text(ar->ar_arg_text);
+			kau_write(rec, tok);
+		}
 		break;
 
 	case AUE_MSGCTL:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200907011656.n61Guuii018456>