diff options
| author | pjd <pjd@FreeBSD.org> | 2012-11-30 23:18:49 +0000 |
|---|---|---|
| committer | pjd <pjd@FreeBSD.org> | 2012-11-30 23:18:49 +0000 |
| commit | 632d7191a2034f3e655f731e7828c7ddd32bc0e5 (patch) | |
| tree | 689c46974acab0658b3c913c45fe97b40d9cf687 /sys/security/audit/audit_arg.c | |
| parent | 07398249f32ac853914c1fb2f42644d1dadf456f (diff) | |
| download | FreeBSD-src-632d7191a2034f3e655f731e7828c7ddd32bc0e5.zip FreeBSD-src-632d7191a2034f3e655f731e7828c7ddd32bc0e5.tar.gz | |
IFp4 @208451:
Fix path handling for *at() syscalls.
Before the change directory descriptor was totally ignored,
so the relative path argument was appended to current working
directory path and not to the path provided by descriptor, thus
wrong paths were stored in audit logs.
Now that we use directory descriptor in vfs_lookup, move
AUDIT_ARG_UPATH1() and AUDIT_ARG_UPATH2() calls to the place where
we hold file descriptors table lock, so we are sure paths will
be resolved according to the same directory in audit record and
in actual operation.
Sponsored by: FreeBSD Foundation (auditdistd)
Reviewed by: rwatson
MFC after: 2 weeks
Diffstat (limited to 'sys/security/audit/audit_arg.c')
| -rw-r--r-- | sys/security/audit/audit_arg.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/sys/security/audit/audit_arg.c b/sys/security/audit/audit_arg.c index f19375d..41d6b42 100644 --- a/sys/security/audit/audit_arg.c +++ b/sys/security/audit/audit_arg.c @@ -463,7 +463,8 @@ audit_arg_sockaddr(struct thread *td, struct sockaddr *sa) break; case AF_UNIX: - audit_arg_upath1(td, ((struct sockaddr_un *)sa)->sun_path); + audit_arg_upath1(td, AT_FDCWD, + ((struct sockaddr_un *)sa)->sun_path); ARG_SET_VALID(ar, ARG_SADDRUNIX); break; /* XXXAUDIT: default:? */ @@ -707,16 +708,16 @@ audit_arg_file(struct proc *p, struct file *fp) * freed when the audit record is freed. */ static void -audit_arg_upath(struct thread *td, char *upath, char **pathp) +audit_arg_upath(struct thread *td, int dirfd, char *upath, char **pathp) { if (*pathp == NULL) *pathp = malloc(MAXPATHLEN, M_AUDITPATH, M_WAITOK); - audit_canon_path(td, upath, *pathp); + audit_canon_path(td, dirfd, upath, *pathp); } void -audit_arg_upath1(struct thread *td, char *upath) +audit_arg_upath1(struct thread *td, int dirfd, char *upath) { struct kaudit_record *ar; @@ -724,12 +725,12 @@ audit_arg_upath1(struct thread *td, char *upath) if (ar == NULL) return; - audit_arg_upath(td, upath, &ar->k_ar.ar_arg_upath1); + audit_arg_upath(td, dirfd, upath, &ar->k_ar.ar_arg_upath1); ARG_SET_VALID(ar, ARG_UPATH1); } void -audit_arg_upath2(struct thread *td, char *upath) +audit_arg_upath2(struct thread *td, int dirfd, char *upath) { struct kaudit_record *ar; @@ -737,7 +738,7 @@ audit_arg_upath2(struct thread *td, char *upath) if (ar == NULL) return; - audit_arg_upath(td, upath, &ar->k_ar.ar_arg_upath2); + audit_arg_upath(td, dirfd, upath, &ar->k_ar.ar_arg_upath2); ARG_SET_VALID(ar, ARG_UPATH2); } |
