diff options
| author | wsalamon <wsalamon@FreeBSD.org> | 2006-02-06 00:32:33 +0000 |
|---|---|---|
| committer | wsalamon <wsalamon@FreeBSD.org> | 2006-02-06 00:32:33 +0000 |
| commit | d0c0ad55941eaea7358e3e41a2a18a38012336c4 (patch) | |
| tree | 4afa6c00563b4860fdfd2001833a152d9b45ab94 /sys/kern/kern_prot.c | |
| parent | c41a4863641aed4c7fe253f2310f0b2535348e65 (diff) | |
| download | FreeBSD-src-d0c0ad55941eaea7358e3e41a2a18a38012336c4.zip FreeBSD-src-d0c0ad55941eaea7358e3e41a2a18a38012336c4.tar.gz | |
Audit the arguments (user/group IDs) for the system calls that set these IDs.
Obtained from: TrustedBSD Project
Approved by: rwatson (mentor)
Diffstat (limited to 'sys/kern/kern_prot.c')
| -rw-r--r-- | sys/kern/kern_prot.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index e84825c..469659a 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -65,6 +65,8 @@ __FBSDID("$FreeBSD$"); #include <sys/socketvar.h> #include <sys/sysctl.h> +#include <security/audit/audit.h> + static MALLOC_DEFINE(M_CRED, "cred", "credentials"); SYSCTL_DECL(_security); @@ -496,6 +498,7 @@ setuid(struct thread *td, struct setuid_args *uap) int error; uid = uap->uid; + AUDIT_ARG(uid, uid); newcred = crget(); uip = uifind(uid); PROC_LOCK(p); @@ -609,6 +612,7 @@ seteuid(struct thread *td, struct seteuid_args *uap) int error; euid = uap->euid; + AUDIT_ARG(euid, euid); newcred = crget(); euip = uifind(euid); PROC_LOCK(p); @@ -665,6 +669,7 @@ setgid(struct thread *td, struct setgid_args *uap) int error; gid = uap->gid; + AUDIT_ARG(gid, gid); newcred = crget(); PROC_LOCK(p); oldcred = p->p_ucred; @@ -765,6 +770,7 @@ setegid(struct thread *td, struct setegid_args *uap) int error; egid = uap->egid; + AUDIT_ARG(egid, egid); newcred = crget(); PROC_LOCK(p); oldcred = p->p_ucred; @@ -823,6 +829,7 @@ setgroups(struct thread *td, struct setgroups_args *uap) crfree(tempcred); return (error); } + AUDIT_ARG(groupset, tempcred->cr_groups, ngrp); newcred = crget(); PROC_LOCK(p); oldcred = p->p_ucred; @@ -891,6 +898,8 @@ setreuid(register struct thread *td, struct setreuid_args *uap) euid = uap->euid; ruid = uap->ruid; + AUDIT_ARG(euid, euid); + AUDIT_ARG(ruid, ruid); newcred = crget(); euip = uifind(euid); ruip = uifind(ruid); @@ -959,6 +968,8 @@ setregid(register struct thread *td, struct setregid_args *uap) egid = uap->egid; rgid = uap->rgid; + AUDIT_ARG(egid, egid); + AUDIT_ARG(rgid, rgid); newcred = crget(); PROC_LOCK(p); oldcred = p->p_ucred; @@ -1029,6 +1040,9 @@ setresuid(register struct thread *td, struct setresuid_args *uap) euid = uap->euid; ruid = uap->ruid; suid = uap->suid; + AUDIT_ARG(euid, euid); + AUDIT_ARG(ruid, ruid); + AUDIT_ARG(suid, suid); newcred = crget(); euip = uifind(euid); ruip = uifind(ruid); @@ -1109,6 +1123,9 @@ setresgid(register struct thread *td, struct setresgid_args *uap) egid = uap->egid; rgid = uap->rgid; sgid = uap->sgid; + AUDIT_ARG(egid, egid); + AUDIT_ARG(rgid, rgid); + AUDIT_ARG(sgid, sgid); newcred = crget(); PROC_LOCK(p); oldcred = p->p_ucred; |
