author | rwatson <rwatson@FreeBSD.org> | 2006-06-05 16:12:00 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2006-06-05 16:12:00 +0000 |
commit | bc4af4941556924c703f5b5fcbda8a3bb3ec7281 (patch) | |
tree | f2eb954b1bd84034a21e5c805c9c8e08f135e8d2 /sys/security | |
parent | 5f5215a6775a835ec48e3878bf37780898e9b893 (diff) | |
When generating the process token, need to check whether the
process was successfully audited. Otherwise, generate the PID
token. This change covers the pid < 0 cases, and pid lookup
failure cases.
Submitted by: wsalamon
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/security')
-rw-r--r-- | sys/security/audit/audit_arg.c | 4 | ||||
-rw-r--r-- | sys/security/audit/audit_bsm.c | 25 |
2 files changed, 14 insertions, 15 deletions
diff --git a/sys/security/audit/audit_arg.c b/sys/security/audit/audit_arg.c
index 8cf85ba..32e317a 100644
--- a/sys/security/audit/audit_arg.c
+++ b/sys/security/audit/audit_arg.c
@@ -38,6 +38,7 @@
 #include <sys/socketvar.h>
 #include <sys/protosw.h>
 #include <sys/domain.h>
+#include <sys/sbuf.h>
 #include <sys/systm.h>
 #include <sys/un.h>
 #include <sys/vnode.h>
@@ -370,8 +371,9 @@ audit_arg_process(struct proc *p)
 ar->k_ar.ar_arg_rgid = p->p_ucred->cr_rgid;
 ar->k_ar.ar_arg_asid = p->p_au->ai_asid;
 ar->k_ar.ar_arg_termid = p->p_au->ai_termid;
+ ar->k_ar.ar_arg_pid = p->p_pid;
 ARG_SET_VALID(ar, ARG_AUID | ARG_EUID | ARG_EGID | ARG_RUID |
- ARG_RGID | ARG_ASID | ARG_TERMID | ARG_PROCESS);
+ ARG_RGID | ARG_ASID | ARG_TERMID | ARG_PID | ARG_PROCESS);
 }
 
 void
diff --git a/sys/security/audit/audit_bsm.c b/sys/security/audit/audit_bsm.c
index a87bb24..b0854e7 100644
--- a/sys/security/audit/audit_bsm.c
+++ b/sys/security/audit/audit_bsm.c
@@ -223,20 +223,17 @@ kau_free(struct au_record *rec)
 } while (0)
 
 #define PROCESS_PID_TOKENS(argn) do { \
- if (ARG_IS_VALID(kar, ARG_PID)) { \
- if ((ar->ar_arg_pid > 0) /* Kill a single process */ \
- && (ARG_IS_VALID(kar, ARG_PROCESS))) { \
- tok = au_to_process(ar->ar_arg_auid, \
- ar->ar_arg_euid, ar->ar_arg_egid, \
- ar->ar_arg_ruid, ar->ar_arg_rgid, \
- ar->ar_arg_pid, ar->ar_arg_asid, \
- &ar->ar_arg_termid); \
- kau_write(rec, tok); \
- } else { \
- tok = au_to_arg32(argn, "process", \
- ar->ar_arg_pid); \
- kau_write(rec, tok); \
- } \
+ if ((ar->ar_arg_pid > 0) /* Reference a single process */ \
+ && (ARG_IS_VALID(kar, ARG_PROCESS))) { \
+ tok = au_to_process(ar->ar_arg_auid, \
+ ar->ar_arg_euid, ar->ar_arg_egid, \
+ ar->ar_arg_ruid, ar->ar_arg_rgid, \
+ ar->ar_arg_pid, ar->ar_arg_asid, \
+ &ar->ar_arg_termid); \
+ kau_write(rec, tok); \
+ } else if (ARG_IS_VALID(kar, ARG_PID)) { \
+ tok = au_to_arg32(argn, "process", ar->ar_arg_pid); \
+ kau_write(rec, tok); \
 } \
 } while (0) \
 
|
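Review bot: The added `ar->k_ar.ar_arg_pid = p->p_pid;` in audit_arg_process replaces whatever pid an earlier argument hook may have stored in the record (presumably the caller-supplied value), and nothing at the assignment says why. Since the emitted audit record now depends on it, a comment such as `/* Store the pid of the process actually looked up; the BSM process token takes its pid from this field. */` would make the intent explicit. The start of audit_arg_process is outside the hunk, so whether the locking and NULL preconditions for the `p->p_ucred` and `p->p_au` dereferences are asserted there cannot be seen from here.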
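Review bot: The process-token branch of PROCESS_PID_TOKENS now tests `ar->ar_arg_pid > 0` before any validity bit, so the field is read even when neither ARG_PID nor ARG_PROCESS was set for the record. That is only safe if the record is zero-initialised, which this hunk does not show; checking the bit first removes the dependency: `if (ARG_IS_VALID(kar, ARG_PROCESS) && (ar->ar_arg_pid > 0)) { \`. The branch also relies on audit_arg_process() always storing the pid together with ARG_PROCESS, which the audit_arg.c hunk of this commit adds. A short comment above the macro stating that dependency, and that the arg32 fallback covers pid <= 0 and lookup failure, would keep later edits from breaking the audit output.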