diff options
author | csjp <csjp@FreeBSD.org> | 2006-09-17 17:52:57 +0000 |
---|---|---|
committer | csjp <csjp@FreeBSD.org> | 2006-09-17 17:52:57 +0000 |
commit | d271a339201865bf8e6b9972ae175529a0382651 (patch) | |
tree | e0678a975ebf26a2cc0524f678c60042bf18962d /sys | |
parent | 36d05684e77bc80a444da3110fb255b3a664aed9 (diff) | |
download | FreeBSD-src-d271a339201865bf8e6b9972ae175529a0382651.zip FreeBSD-src-d271a339201865bf8e6b9972ae175529a0382651.tar.gz |
Correct a slight regression which was introduced with the implementation of
audit pipes. If the kernel record was not selected for the trail or the pipe,
any user supplied record attached to it would be tossed away, resulting in
otherwise selected events being lost.
- Introduce two new masks: AR_PRESELECT_USER_TRAIL AR_PRESELECT_USER_PIPE,
currently we have AR_PRESELECT_TRAIL and AR_PRESELECT_PIPE, which tells
the audit worker that we are interested in the kernel record, with
the additional masks we can determine if either the pipe or trail is
interested in seeing the kernel or user record.
- In audit(2), we unconditionally set the AR_PRESELECT_USER_TRAIL and
AR_PRESELECT_USER_PIPE masks under the assumption that userspace has
done the preselection [1].
Currently, there is work being done that allows the kernel to parse and
preselect user supplied records, so in the future preselection could occur
in either layer. But there is still a few details to work out here.
[1] At some point we need to teach au_preselect(3) about the interests of
all the individual audit pipes.
This is a RELENG_6 candidate.
Reviewed by: rwatson
Obtained from: TrustedBSD Project
MFC after: 1 week
Diffstat (limited to 'sys')
-rw-r--r-- | sys/security/audit/audit.c | 4 | ||||
-rw-r--r-- | sys/security/audit/audit_private.h | 3 | ||||
-rw-r--r-- | sys/security/audit/audit_syscalls.c | 8 | ||||
-rw-r--r-- | sys/security/audit/audit_worker.c | 10 |
4 files changed, 20 insertions, 5 deletions
diff --git a/sys/security/audit/audit.c b/sys/security/audit/audit.c index 813d0fa..31b6178 100644 --- a/sys/security/audit/audit.c +++ b/sys/security/audit/audit.c @@ -396,8 +396,8 @@ audit_commit(struct kaudit_record *ar, int error, int retval) if (audit_pipe_preselect(auid, event, class, sorf, ar->k_ar_commit & AR_PRESELECT_TRAIL) != 0) ar->k_ar_commit |= AR_PRESELECT_PIPE; - if ((ar->k_ar_commit & (AR_PRESELECT_TRAIL | AR_PRESELECT_PIPE)) == - 0) { + if ((ar->k_ar_commit & (AR_PRESELECT_TRAIL | AR_PRESELECT_PIPE | + AR_PRESELECT_USER_TRAIL | AR_PRESELECT_USER_PIPE)) == 0) { mtx_lock(&audit_mtx); audit_pre_q_len--; mtx_unlock(&audit_mtx); diff --git a/sys/security/audit/audit_private.h b/sys/security/audit/audit_private.h index f6cd17a..e232bcd 100644 --- a/sys/security/audit/audit_private.h +++ b/sys/security/audit/audit_private.h @@ -96,6 +96,9 @@ extern int audit_arge; #define AR_PRESELECT_TRAIL 0x00001000U #define AR_PRESELECT_PIPE 0x00002000U +#define AR_PRESELECT_USER_TRAIL 0x00004000U +#define AR_PRESELECT_USER_PIPE 0x00008000U + /* * Audit data is generated as a stream of struct audit_record structures, * linked by struct kaudit_record, and contain storage for possible audit so diff --git a/sys/security/audit/audit_syscalls.c b/sys/security/audit/audit_syscalls.c index eb18c76..03884b2 100644 --- a/sys/security/audit/audit_syscalls.c +++ b/sys/security/audit/audit_syscalls.c @@ -118,6 +118,14 @@ audit(struct thread *td, struct audit_args *uap) ar->k_udata = rec; ar->k_ulen = uap->length; ar->k_ar_commit |= AR_COMMIT_USER; + + /* + * Currently we assume that all preselection has been performed in + * userspace. We unconditionally set these masks so that the records + * get committed both to the trail and pipe. In the future we will + * want to setup kernel based preselection. + */ + ar->k_ar_commit |= (AR_PRESELECT_USER_TRAIL | AR_PRESELECT_USER_PIPE); return (0); free_out: diff --git a/sys/security/audit/audit_worker.c b/sys/security/audit/audit_worker.c index d4cef64..cfe46fa 100644 --- a/sys/security/audit/audit_worker.c +++ b/sys/security/audit/audit_worker.c @@ -323,7 +323,7 @@ audit_worker_process_record(struct vnode *audit_vp, struct ucred *audit_cred, int sorf; if ((ar->k_ar_commit & AR_COMMIT_USER) && - (ar->k_ar_commit & AR_PRESELECT_TRAIL)) { + (ar->k_ar_commit & AR_PRESELECT_USER_TRAIL)) { error = audit_record_write(audit_vp, audit_cred, audit_td, ar->k_udata, ar->k_ulen); if (error && audit_panic_on_write_fail) @@ -331,11 +331,14 @@ audit_worker_process_record(struct vnode *audit_vp, struct ucred *audit_cred, else if (error) printf("audit_worker: write error %d\n", error); } + if ((ar->k_ar_commit & AR_COMMIT_USER) && - (ar->k_ar_commit & AR_PRESELECT_PIPE)) + (ar->k_ar_commit & AR_PRESELECT_USER_PIPE)) audit_pipe_submit_user(ar->k_udata, ar->k_ulen); - if (!(ar->k_ar_commit & AR_COMMIT_KERNEL)) + if (!(ar->k_ar_commit & AR_COMMIT_KERNEL) || + ((ar->k_ar_commit & AR_PRESELECT_PIPE) == 0 && + (ar->k_ar_commit & AR_PRESELECT_TRAIL) == 0)) return; auid = ar->k_ar.ar_subj_auid; @@ -372,6 +375,7 @@ audit_worker_process_record(struct vnode *audit_vp, struct ucred *audit_cred, printf("audit_worker: write error %d\n", error); } + if (ar->k_ar_commit & AR_PRESELECT_PIPE) audit_pipe_submit(auid, event, class, sorf, ar->k_ar_commit & AR_PRESELECT_TRAIL, bsm->data, |