author | rwatson <rwatson@FreeBSD.org> | 2006-12-29 10:49:13 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2006-12-29 10:49:13 +0000 |
commit | accf7ddf5a63498ebd3e20ebe7cae31e68c72a35 (patch) | |
tree | 9f72c080c96620370aa034ea56181ee9d06a93ae | |
parent | b85d5220b05384203963bb9f1a26f650ac4f8b06 (diff) | |
Use p_cansee() to check that a target process for an audit state
manipulation is visible to the subject process. Remove XXX comments
suggesting this.
Convert one XXX on a difference from Darwin into a note: it's not a
bug, it's a feature.
Obtained from: TrustedBSD Project
-rw-r--r-- | sys/security/audit/audit_syscalls.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/sys/security/audit/audit_syscalls.c b/sys/security/audit/audit_syscalls.c
index 65772a8..1059a50 100644
--- a/sys/security/audit/audit_syscalls.c
+++ b/sys/security/audit/audit_syscalls.c
@@ -304,9 +304,12 @@ auditon(struct thread *td, struct auditon_args *uap)
 if (udata.au_aupinfo.ap_pid < 1)
 return (EINVAL);
- /* XXXAUDIT: p_cansee()? */
 if ((tp = pfind(udata.au_aupinfo.ap_pid)) == NULL)
 return (EINVAL);
+ if (p_cansee(td, tp) != 0) {
+ PROC_UNLOCK(tp);
+ return (EINVAL);
+ }
 udata.au_aupinfo.ap_auid = tp->p_au->ai_auid;
 udata.au_aupinfo.ap_mask.am_success =
@@ -324,9 +327,12 @@ auditon(struct thread *td, struct auditon_args *uap)
 if (udata.au_aupinfo.ap_pid < 1)
 return (EINVAL);
- /* XXXAUDIT: p_cansee()? */
 if ((tp = pfind(udata.au_aupinfo.ap_pid)) == NULL)
 return (EINVAL);
+ if (p_cansee(td, tp) != 0) {
+ PROC_UNLOCK(tp);
+ return (EINVAL);
+ }
 tp->p_au->ai_mask.am_success =
 udata.au_aupinfo.ap_mask.am_success;
@@ -570,7 +576,7 @@ auditctl(struct thread *td, struct auditctl_args *uap)
 * validity checks, and grab another reference to the current
 * credential.
 *
- * XXXAUDIT: On Darwin, a NULL path is used to disable audit.
+ * On Darwin, a NULL path argument is also used to disable audit.
 */
 if (uap->path == NULL)
 return (EINVAL); |
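Review bot: The value returned by `p_cansee(td, tp)` in the first hunk (-304) is discarded and `EINVAL` is returned, the same code the `pfind()` failure two lines above uses, but nothing in the new lines says this is deliberate. If the intent is that a process hidden from the caller is indistinguishable from a missing pid, a comment above the check such as `/* Report an invisible process exactly like a nonexistent one. */` would stop a later cleanup from propagating p_cansee()'s own error and letting callers tell the two cases apart. The identical block in the second hunk (-324) needs the same comment. The enclosing case in auditon() starts and ends outside both hunks.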
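Review bot: In the second hunk (-324) the lines right after the new check write `tp->p_au->ai_mask`, so `p_cansee()` is the only test visible here in front of a change to another process's audit mask, and it only establishes that the caller may see the target. Authority to alter the mask has to come from a privilege check elsewhere in auditon(), which is outside this hunk and so cannot be confirmed from it. If that check exists, a comment such as `/* p_cansee() covers visibility only; privilege to set the mask is checked earlier. */` would record the dependency; if it does not, the write needs a check stronger than visibility before it.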