diff options
author | wsalamon <wsalamon@FreeBSD.org> | 2006-09-01 11:45:40 +0000 |
---|---|---|
committer | wsalamon <wsalamon@FreeBSD.org> | 2006-09-01 11:45:40 +0000 |
commit | c62317c442340f5e4627b6020679dc03d49a3918 (patch) | |
tree | 17f9a899743e9577c2e64080d7c7f0a957fbe0f4 /sys/security/audit/audit_syscalls.c | |
parent | e279989d710de9f19f0e36445d579caea48bf429 (diff) | |
download | FreeBSD-src-c62317c442340f5e4627b6020679dc03d49a3918.zip FreeBSD-src-c62317c442340f5e4627b6020679dc03d49a3918.tar.gz |
Audit the argv and env vectors passed in on exec:
Add the argument auditing functions for argv and env.
Add kernel-specific versions of the tokenizer functions for the
arg and env represented as a char array.
Implement the AUDIT_ARGV and AUDIT_ARGE audit policy commands to
enable/disable argv/env auditing.
Call the argument auditing from the exec system calls.
Obtained from: TrustedBSD Project
Approved by: rwatson (mentor)
Diffstat (limited to 'sys/security/audit/audit_syscalls.c')
-rw-r--r-- | sys/security/audit/audit_syscalls.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/sys/security/audit/audit_syscalls.c b/sys/security/audit/audit_syscalls.c index 8bd6ccb..eb18c76 100644 --- a/sys/security/audit/audit_syscalls.c +++ b/sys/security/audit/audit_syscalls.c @@ -190,16 +190,23 @@ auditon(struct thread *td, struct auditon_args *uap) udata.au_policy |= AUDIT_CNT; if (audit_panic_on_write_fail) udata.au_policy |= AUDIT_AHLT; + if (audit_argv) + udata.au_policy |= AUDIT_ARGV; + if (audit_arge) + udata.au_policy |= AUDIT_ARGE; break; case A_SETPOLICY: - if (udata.au_policy & ~(AUDIT_CNT|AUDIT_AHLT)) + if (udata.au_policy & ~(AUDIT_CNT|AUDIT_AHLT|AUDIT_ARGV| + AUDIT_ARGE)) return (EINVAL); /* * XXX - Need to wake up waiters if the policy relaxes? */ audit_fail_stop = ((udata.au_policy & AUDIT_CNT) == 0); audit_panic_on_write_fail = (udata.au_policy & AUDIT_AHLT); + audit_argv = (udata.au_policy & AUDIT_ARGV); + audit_arge = (udata.au_policy & AUDIT_ARGE); break; case A_GETKMASK: |