diff options
author | rwatson <rwatson@FreeBSD.org> | 2006-11-06 13:42:10 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2006-11-06 13:42:10 +0000 |
commit | 10d0d9cf473dc5f0ce1bf263ead445ffe7819154 (patch) | |
tree | b9dd284620eeaddbff089cef10e4b1afb7918279 /sys/security/audit | |
parent | 7288104e2094825a9c98b9923f039817a76e2983 (diff) | |
download | FreeBSD-src-10d0d9cf473dc5f0ce1bf263ead445ffe7819154.zip FreeBSD-src-10d0d9cf473dc5f0ce1bf263ead445ffe7819154.tar.gz |
Sweep kernel replacing suser(9) calls with priv(9) calls, assigning
specific privilege names to a broad range of privileges. These may
require some future tweaking.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>
Diffstat (limited to 'sys/security/audit')
-rw-r--r-- | sys/security/audit/audit.c | 4 | ||||
-rw-r--r-- | sys/security/audit/audit_pipe.c | 6 | ||||
-rw-r--r-- | sys/security/audit/audit_syscalls.c | 19 |
3 files changed, 16 insertions, 13 deletions
diff --git a/sys/security/audit/audit.c b/sys/security/audit/audit.c index bb6f929..c8121a0 100644 --- a/sys/security/audit/audit.c +++ b/sys/security/audit/audit.c @@ -42,6 +42,7 @@ #include <sys/malloc.h> #include <sys/mount.h> #include <sys/namei.h> +#include <sys/priv.h> #include <sys/proc.h> #include <sys/queue.h> #include <sys/socket.h> @@ -509,7 +510,8 @@ audit_syscall_enter(unsigned short code, struct thread *td) * audit record is still required for this event by * re-calling au_preselect(). */ - if (audit_in_failure && suser(td) != 0) { + if (audit_in_failure && + priv_check(td, PRIV_AUDIT_FAILSTOP) != 0) { cv_wait(&audit_fail_cv, &audit_mtx); panic("audit_failing_stop: thread continued"); } diff --git a/sys/security/audit/audit_pipe.c b/sys/security/audit/audit_pipe.c index 6bea514..3cc41ef 100644 --- a/sys/security/audit/audit_pipe.c +++ b/sys/security/audit/audit_pipe.c @@ -626,9 +626,9 @@ audit_pipe_clone(void *arg, struct ucred *cred, char *name, int namelen, } /* - * Audit pipe open method. Explicit suser check isn't used as this allows - * file permissions on the special device to be used to grant audit review - * access. + * Audit pipe open method. Explicit privilege check isn't used as this + * allows file permissions on the special device to be used to grant audit + * review access. Those file permissions should be managed carefully. */ static int audit_pipe_open(struct cdev *dev, int oflags, int devtype, struct thread *td) diff --git a/sys/security/audit/audit_syscalls.c b/sys/security/audit/audit_syscalls.c index fb55511..65772a8 100644 --- a/sys/security/audit/audit_syscalls.c +++ b/sys/security/audit/audit_syscalls.c @@ -32,6 +32,7 @@ #include <sys/param.h> #include <sys/mount.h> #include <sys/namei.h> +#include <sys/priv.h> #include <sys/proc.h> #include <sys/sysproto.h> #include <sys/systm.h> @@ -66,7 +67,7 @@ audit(struct thread *td, struct audit_args *uap) if (jailed(td->td_ucred)) return (ENOSYS); - error = suser(td); + error = priv_check(td, PRIV_AUDIT_SUBMIT); if (error) return (error); @@ -156,7 +157,7 @@ auditon(struct thread *td, struct auditon_args *uap) if (jailed(td->td_ucred)) return (ENOSYS); AUDIT_ARG(cmd, uap->cmd); - error = suser(td); + error = priv_check(td, PRIV_AUDIT_CONTROL); if (error) return (error); @@ -404,7 +405,7 @@ getauid(struct thread *td, struct getauid_args *uap) if (jailed(td->td_ucred)) return (ENOSYS); - error = suser(td); + error = priv_check(td, PRIV_AUDIT_GETAUDIT); if (error) return (error); @@ -428,7 +429,7 @@ setauid(struct thread *td, struct setauid_args *uap) if (jailed(td->td_ucred)) return (ENOSYS); - error = suser(td); + error = priv_check(td, PRIV_AUDIT_SETAUDIT); if (error) return (error); @@ -468,7 +469,7 @@ getaudit(struct thread *td, struct getaudit_args *uap) if (jailed(td->td_ucred)) return (ENOSYS); - error = suser(td); + error = priv_check(td, PRIV_AUDIT_GETAUDIT); if (error) return (error); @@ -489,7 +490,7 @@ setaudit(struct thread *td, struct setaudit_args *uap) if (jailed(td->td_ucred)) return (ENOSYS); - error = suser(td); + error = priv_check(td, PRIV_AUDIT_SETAUDIT); if (error) return (error); @@ -518,7 +519,7 @@ getaudit_addr(struct thread *td, struct getaudit_addr_args *uap) if (jailed(td->td_ucred)) return (ENOSYS); - error = suser(td); + error = priv_check(td, PRIV_AUDIT_GETAUDIT); if (error) return (error); return (ENOSYS); @@ -533,7 +534,7 @@ setaudit_addr(struct thread *td, struct setaudit_addr_args *uap) if (jailed(td->td_ucred)) return (ENOSYS); - error = suser(td); + error = priv_check(td, PRIV_AUDIT_SETAUDIT); if (error) return (error); return (ENOSYS); @@ -557,7 +558,7 @@ auditctl(struct thread *td, struct auditctl_args *uap) if (jailed(td->td_ucred)) return (ENOSYS); - error = suser(td); + error = priv_check(td, PRIV_AUDIT_CONTROL); if (error) return (error); |