From owner-p4-projects@FreeBSD.ORG Mon Oct 17 11:31:10 2005 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id E86BB16A421; Mon, 17 Oct 2005 11:31:09 +0000 (GMT) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A71BB16A41F for ; Mon, 17 Oct 2005 11:31:09 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 64D8C43D46 for ; Mon, 17 Oct 2005 11:31:09 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j9HBV9uN053585 for ; Mon, 17 Oct 2005 11:31:09 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j9HBV7o9053582 for perforce@freebsd.org; Mon, 17 Oct 2005 11:31:07 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Mon, 17 Oct 2005 11:31:07 GMT Message-Id: <200510171131.j9HBV7o9053582@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 85424 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Oct 2005 11:31:10 -0000 http://perforce.freebsd.org/chv.cgi?CH=85424 Change 85424 by rwatson@rwatson_zoo on 2005/10/17 11:30:43 Minor white space tweaks. Annotate a minor multi-threading race, in which one thread can give up privilege while another thread modifies audit state, resulting in a possibly inconsistent condition. This may not be significant. Affected files ... .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_syscalls.c#4 edit Differences ... ==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_syscalls.c#4 (text+ko) ==== @@ -174,6 +174,7 @@ if (audit_panic_on_write_fail) udata.au_policy |= AUDIT_AHLT; break; + case A_SETPOLICY: if (udata.au_policy & ~(AUDIT_CNT|AUDIT_AHLT)) return (EINVAL); @@ -183,15 +184,19 @@ audit_fail_stop = ((udata.au_policy & AUDIT_CNT) == 0); audit_panic_on_write_fail = (udata.au_policy & AUDIT_AHLT); break; + case A_GETKMASK: udata.au_mask = audit_nae_mask; break; + case A_SETKMASK: audit_nae_mask = udata.au_mask; break; + case A_GETQCTRL: udata.au_qctrl = audit_qctrl; break; + case A_SETQCTRL: if ((udata.au_qctrl.aq_hiwater > AQ_MAXHIGH) || (udata.au_qctrl.aq_lowater >= udata.au_qctrl.aq_hiwater) || @@ -204,30 +209,38 @@ /* XXX The queue delay value isn't used with the kernel. */ audit_qctrl.aq_delay = -1; break; + case A_GETCWD: return (ENOSYS); break; + case A_GETCAR: return (ENOSYS); break; + case A_GETSTAT: return (ENOSYS); break; + case A_SETSTAT: return (ENOSYS); break; + case A_SETUMASK: return (ENOSYS); break; + case A_SETSMASK: return (ENOSYS); break; + case A_GETCOND: if (audit_enabled && !audit_suspended) udata.au_cond = AUC_AUDITING; else udata.au_cond = AUC_NOAUDIT; break; + case A_SETCOND: if (udata.au_cond == AUC_NOAUDIT) audit_suspended = 1; @@ -238,14 +251,17 @@ audit_shutdown(NULL, 0); } break; + case A_GETCLASS: udata.au_evclass.ec_class = au_event_class(udata.au_evclass.ec_number); break; + case A_SETCLASS: au_evclassmap_insert(udata.au_evclass.ec_number, udata.au_evclass.ec_class); break; + case A_GETPINFO: if (udata.au_aupinfo.ap_pid < 1) return (EINVAL); @@ -266,6 +282,7 @@ udata.au_aupinfo.ap_asid = tp->p_au->ai_asid; PROC_UNLOCK(tp); break; + case A_SETPMASK: if (udata.au_aupinfo.ap_pid < 1) return (EINVAL); @@ -280,25 +297,31 @@ udata.au_aupinfo.ap_mask.am_failure; PROC_UNLOCK(tp); break; + case A_SETFSIZE: if ((udata.au_fstat.af_filesz != 0) && (udata.au_fstat.af_filesz < MIN_AUDIT_FILE_SIZE)) return (EINVAL); audit_fstat.af_filesz = udata.au_fstat.af_filesz; break; + case A_GETFSIZE: udata.au_fstat.af_filesz = audit_fstat.af_filesz; udata.au_fstat.af_currsz = audit_fstat.af_currsz; break; + case A_GETPINFO_ADDR: return (ENOSYS); break; + case A_GETKAUDIT: return (ENOSYS); break; + case A_SETKAUDIT: return (ENOSYS); break; + case A_SENDTRIGGER: if ((udata.au_trigger < AUDIT_TRIGGER_MIN) || (udata.au_trigger > AUDIT_TRIGGER_MAX)) @@ -380,6 +403,8 @@ * XXXAUDIT: Might need locking to serialize audit events in the same * order as change events? Or maybe that's an under-solveable * problem. + * + * XXXRW: Test privilege while holding the proc lock? */ PROC_LOCK(td->td_proc); td->td_proc->p_au->ai_auid = id; @@ -428,6 +453,9 @@ audit_arg_auditinfo(&ai); + /* + * XXXRW: Test privilege while holding the proc lock? + */ PROC_LOCK(td->td_proc); *td->td_proc->p_au = ai; PROC_UNLOCK(td->td_proc); @@ -534,54 +562,63 @@ int audit(struct thread *td, struct audit_args *uap) { + return (ENOSYS); } int auditon(struct thread *td, struct auditon_args *uap) { + return (ENOSYS); } int getauid(struct thread *td, struct getauid_args *uap) { + return (ENOSYS); } int setauid(struct thread *td, struct setauid_args *uap) { + return (ENOSYS); } int getaudit(struct thread *td, struct getaudit_args *uap) { + return (ENOSYS); } int setaudit(struct thread *td, struct setaudit_args *uap) { + return (ENOSYS); } int getaudit_addr(struct thread *td, struct getaudit_addr_args *uap) { + return (ENOSYS); } int setaudit_addr(struct thread *td, struct setaudit_addr_args *uap) { + return (ENOSYS); } int auditctl(struct thread *td, struct auditctl_args *uap) { + return (ENOSYS); }