Audit the argv and env vectors passed in on exec:

  Add the argument auditing functions for argv and env.
  Add kernel-specific versions of the tokenizer functions for the
  arg and env represented as a char array.
  Implement the AUDIT_ARGV and AUDIT_ARGE audit policy commands to
  enable/disable argv/env auditing.
  Call the argument auditing from the exec system calls.

Obtained from: TrustedBSD Project
Approved by: rwatson (mentor)

1 files changed, 6 insertions, 0 deletions

diff --git a/sys/security/audit/audit_private.h b/sys/security/audit/audit_private.h
index 2dc61ec..f6cd17a 100644
--- a/sys/security/audit/audit_private.h
+++ b/sys/security/audit/audit_private.h
@@ -74,6 +74,8 @@ extern struct audit_fstat	audit_fstat;
 extern struct au_mask		audit_nae_mask;
 extern int			audit_panic_on_write_fail;
 extern int			audit_fail_stop;
+extern int			audit_argv;
+extern int			audit_arge;
 
 /*
  * Success/failure conditions for the conversion of a kernel audit record to
@@ -210,6 +212,10 @@ struct audit_record {
 	void *			ar_arg_svipc_addr;
 	struct posix_ipc_perm	ar_arg_pipc_perm;
 	union auditon_udata	ar_arg_auditon;
+	char			*ar_arg_argv;
+	int			ar_arg_argc;
+	char			*ar_arg_envv;
+	int			ar_arg_envc;
 	int			ar_arg_exitstatus;
 	int			ar_arg_exitretval;
 };