author | wsalamon <wsalamon@FreeBSD.org> | 2006-09-01 11:45:40 +0000 |
---|---|---|
committer | wsalamon <wsalamon@FreeBSD.org> | 2006-09-01 11:45:40 +0000 |
commit | c62317c442340f5e4627b6020679dc03d49a3918 (patch) | |
tree | 17f9a899743e9577c2e64080d7c7f0a957fbe0f4 /sys/security/audit/audit_arg.c | |
parent | e279989d710de9f19f0e36445d579caea48bf429 (diff) | |
Audit the argv and env vectors passed in on exec:
Add the argument auditing functions for argv and env.
Add kernel-specific versions of the tokenizer functions for the
arg and env represented as a char array.
Implement the AUDIT_ARGV and AUDIT_ARGE audit policy commands to
enable/disable argv/env auditing.
Call the argument auditing from the exec system calls.
Obtained from: TrustedBSD Project
Approved by: rwatson (mentor)
Diffstat (limited to 'sys/security/audit/audit_arg.c')
-rw-r--r-- | sys/security/audit/audit_arg.c | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/sys/security/audit/audit_arg.c b/sys/security/audit/audit_arg.c
index 5da377f..ea569f7 100644
--- a/sys/security/audit/audit_arg.c
+++ b/sys/security/audit/audit_arg.c
@@ -763,6 +763,48 @@ audit_arg_vnode(struct vnode *vp, u_int64_t flags)
 }
 
 /*
+ * Audit the argument strings passed to exec.
+ */
+void
+audit_arg_argv(char *argv, int argc, int length)
+{
+ struct kaudit_record *ar;
+
+ if (audit_argv == 0)
+ return;
+
+ ar = currecord();
+ if (ar == NULL)
+ return;
+
+ ar->k_ar.ar_arg_argv = malloc(length, M_AUDITTEXT, M_WAITOK);
+ bcopy(argv, ar->k_ar.ar_arg_argv, length);
+ ar->k_ar.ar_arg_argc = argc;
+ ARG_SET_VALID(ar, ARG_ARGV);
+}
+
+/*
+ * Audit the environment strings passed to exec.
+ */
+void
+audit_arg_envv(char *envv, int envc, int length)
+{
+ struct kaudit_record *ar;
+
+ if (audit_arge == 0)
+ return;
+
+ ar = currecord();
+ if (ar == NULL)
+ return;
+
+ ar->k_ar.ar_arg_envv = malloc(length, M_AUDITTEXT, M_WAITOK);
+ bcopy(envv, ar->k_ar.ar_arg_envv, length);
+ ar->k_ar.ar_arg_envc = envc;
+ ARG_SET_VALID(ar, ARG_ENVV);
+}
+
+/*
  * The close() system call uses it's own audit call to capture the path/vnode
  * information because those pieces are not easily obtained within the system
  * call itself. |
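Review bot: In both audit_arg_argv() and audit_arg_envv(), the signed `int length` goes straight into malloc() and bcopy() with no range check, and the record's buffer pointer is overwritten without testing whether one is already attached. If either function can run twice for the same record (the exec call sites are not part of this file section, so this is an assumption to confirm), the earlier M_AUDITTEXT allocation would be leaked. An assertion placed before the malloc would pin down both invariants, for example `KASSERT(length > 0 && ar->k_ar.ar_arg_argv == NULL, ("audit_arg_argv: bad length or buffer already set"));`, with the matching line for `ar_arg_envv`. The header comments should also state that the copy is owned by the audit record and released with it, and that argv and environment strings can carry credentials, so turning these policies on makes the audit trail sensitive data.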