Audit the arguments to the ptrace(2) system call.

Obtained from: TrustedBSD Project Approved by: rwatson (mentor)
author: wsalamon <wsalamon@FreeBSD.org> 2006-02-14 01:18:31 +0000
committer: wsalamon <wsalamon@FreeBSD.org> 2006-02-14 01:18:31 +0000
commit: 401b0cf725f80f6fe55e215726c52dfbcd199367 (patch)
tree: 14e5a476104bd9cc4f9acbfaecb6629cf9a40a88 /sys/kern/sys_process.c
parent: 5be18980546f1680c9e0ebc0f7993844d0dbbdc3 (diff)
download: FreeBSD-src-401b0cf725f80f6fe55e215726c52dfbcd199367.zip
FreeBSD-src-401b0cf725f80f6fe55e215726c52dfbcd199367.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/sys/kern/sys_process.c b/sys/kern/sys_process.c
index c3be1f6..eeb56a4 100644
--- a/sys/kern/sys_process.c
+++ b/sys/kern/sys_process.c
@@ -49,6 +49,8 @@ __FBSDID("$FreeBSD$");
 
 #include <machine/reg.h>
 
+#include <security/audit/audit.h>
+
 #include <vm/vm.h>
 #include <vm/pmap.h>
 #include <vm/vm_extern.h>
@@ -404,6 +406,10 @@ ptrace(struct thread *td, struct ptrace_args *uap)
 	if (td->td_proc->p_sysent == &ia32_freebsd_sysvec)
 		wrap32 = 1;
 #endif
+	AUDIT_ARG(pid, uap->pid);
+	AUDIT_ARG(cmd, uap->req);
+	AUDIT_ARG(addr, uap->addr);
+	AUDIT_ARG(value, uap->data);
 	addr = &r;
 	switch (uap->req) {
 	case PT_GETREGS:
@@ -551,6 +557,7 @@ kern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data)
 			pid = p->p_pid;
 		}
 	}
+	AUDIT_ARG(process, p);
 	if ((error = p_cansee(td, p)) != 0)
 		goto fail;
author	wsalamon <wsalamon@FreeBSD.org>	2006-02-14 01:18:31 +0000
committer	wsalamon <wsalamon@FreeBSD.org>	2006-02-14 01:18:31 +0000
commit	401b0cf725f80f6fe55e215726c52dfbcd199367 (patch)
tree	14e5a476104bd9cc4f9acbfaecb6629cf9a40a88 /sys/kern/sys_process.c
parent	5be18980546f1680c9e0ebc0f7993844d0dbbdc3 (diff)
download	FreeBSD-src-401b0cf725f80f6fe55e215726c52dfbcd199367.zip FreeBSD-src-401b0cf725f80f6fe55e215726c52dfbcd199367.tar.gz