Date: Wed, 8 Feb 2006 13:11:37 GMT
From: Wayne Salamon <wsalamon@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 91394 for review
Message-ID: <200602081311.k18DBbd9092459@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=91394

Change 91394 by wsalamon@gretsch on 2006/02/08 13:11:28

Add items about clarifying the interaction of naflags, current audit state, and what userspace might need to do. Also add item about kernel's audit state indicators.

Affected files ...

.. //depot/projects/trustedbsd/audit3/notes/TODO_audit.txt#5 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/notes/TODO_audit.txt#5 (text+ko) ==== @@ -75,3 +75,18 @@ kernel event mapping. Make the synchronization code a library function in OpenBSM so that the same code can be used in both auditd and the audit test suite. + +- Determine what the correct behavior should be for processes that +are started before audit is enabled: Should they be audited based +on naflags AFTER audit is enabled, or do they not get audited. + +- For programs that set the audit masks for authenticated users +(login, sshd, etc.) need to consider the audit off vs. audit +disabled (a temporary condition) state. Should the flags for +the process be set in the disabled state but not the off state? + +- Review the kernel audit_enabled and audit_suspended flags, making +sure they are used consistently, and they map to the exposed state +(AUC_DISABLED, AUC_AUDITING, and AUC_NOAUDIT). + +- Clearly document whatever is decided for the three items above.
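Review bot: In the second added item, "audit off" and "audit disabled (a temporary condition)" are not tied to the state names the third item lists (AUC_DISABLED, AUC_AUDITING, AUC_NOAUDIT) or to the audit_enabled and audit_suspended flags, so a reader cannot tell which exposed state each phrase means; naming the constant beside each phrase would make the question answerable. That item is also not a complete sentence ("For programs that set the audit masks ... need to consider"), and the question in the first item ends with a period ("or do they not get audited."). The last item's "the three items above" depends on the order of entries in the file and will go stale if items are inserted or reordered; naming the three topics would be sturdier.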