Date: Wed, 27 Jun 2007 17:01:15 +0000 (UTC) From: "Christian S.J. Peron" <csjp@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/security/audit audit.h audit_arg.c audit_bsm.c audit_bsm_token.c audit_syscalls.c Message-ID: <200706271701.l5RH1Guj070989@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
csjp 2007-06-27 17:01:15 UTC
FreeBSD src repository
Modified files:
sys/security/audit audit.h audit_arg.c audit_bsm.c
audit_bsm_token.c audit_syscalls.c
Log:
- Add audit_arg_audinfo_addr() for auditing the arguments for setaudit_addr(2)
- In audit_bsm.c, make sure all the arguments: ARG_AUID, ARG_ASID, ARG_AMASK,
and ARG_TERMID{_ADDR} are valid before auditing their arguments. (This is done
for both setaudit and setaudit_addr.
- Audit the arguments passed to setaudit_addr(2)
- AF_INET6 does not equate to AU_IPv6. Change this in au_to_in_addr_ex() so the
audit token is created with the correct type. This fixes the processing of the
in_addr_ex token in users pace.
- Change the size of the token (as generated by the kernel) from 5*4 bytes to
4*4 bytes (the correct size of an ip6 address)
- Correct regression from ucred work which resulted in getaudit() not returning
E2BIG if the subject had an ip6 termid
- Correct slight regression in getaudit(2) which resulted in the size of a pointer
being passed instead of the size of the structure. (This resulted in invalid
auditinfo data being returned via getaudit(2))
Reviewed by: rwatson
Approved by: re@ (kensmith)
Obtained from: TrustedBSD Project
MFC after: 1 month
Revision Changes Path
1.14 +1 -0 src/sys/security/audit/audit.h
1.15 +22 -0 src/sys/security/audit/audit_arg.c
1.19 +35 -2 src/sys/security/audit/audit_bsm.c
1.14 +2 -2 src/sys/security/audit/audit_bsm_token.c
1.21 +7 -2 src/sys/security/audit/audit_syscalls.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200706271701.l5RH1Guj070989>