From c62317c442340f5e4627b6020679dc03d49a3918 Mon Sep 17 00:00:00 2001 From: wsalamon Date: Fri, 1 Sep 2006 11:45:40 +0000 Subject: Audit the argv and env vectors passed in on exec: Add the argument auditing functions for argv and env. Add kernel-specific versions of the tokenizer functions for the arg and env represented as a char array. Implement the AUDIT_ARGV and AUDIT_ARGE audit policy commands to enable/disable argv/env auditing. Call the argument auditing from the exec system calls. Obtained from: TrustedBSD Project Approved by: rwatson (mentor) --- sys/security/audit/audit_syscalls.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'sys/security/audit/audit_syscalls.c') diff --git a/sys/security/audit/audit_syscalls.c b/sys/security/audit/audit_syscalls.c index 8bd6ccb..eb18c76 100644 --- a/sys/security/audit/audit_syscalls.c +++ b/sys/security/audit/audit_syscalls.c @@ -190,16 +190,23 @@ auditon(struct thread *td, struct auditon_args *uap) udata.au_policy |= AUDIT_CNT; if (audit_panic_on_write_fail) udata.au_policy |= AUDIT_AHLT; + if (audit_argv) + udata.au_policy |= AUDIT_ARGV; + if (audit_arge) + udata.au_policy |= AUDIT_ARGE; break; case A_SETPOLICY: - if (udata.au_policy & ~(AUDIT_CNT|AUDIT_AHLT)) + if (udata.au_policy & ~(AUDIT_CNT|AUDIT_AHLT|AUDIT_ARGV| + AUDIT_ARGE)) return (EINVAL); /* * XXX - Need to wake up waiters if the policy relaxes? */ audit_fail_stop = ((udata.au_policy & AUDIT_CNT) == 0); audit_panic_on_write_fail = (udata.au_policy & AUDIT_AHLT); + audit_argv = (udata.au_policy & AUDIT_ARGV); + audit_arge = (udata.au_policy & AUDIT_ARGE); break; case A_GETKMASK: -- cgit v1.1