From accf7ddf5a63498ebd3e20ebe7cae31e68c72a35 Mon Sep 17 00:00:00 2001 From: rwatson Date: Fri, 29 Dec 2006 10:49:13 +0000 Subject: Use p_cansee() to check that a target process for an audit state manipulation is visible to the subject process. Remove XXX comments suggesting this. Convert one XXX on a difference from Darwin into a note: it's not a bug, it's a feature. Obtained from: TrustedBSD Project --- sys/security/audit/audit_syscalls.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'sys/security') diff --git a/sys/security/audit/audit_syscalls.c b/sys/security/audit/audit_syscalls.c index 65772a8..1059a50 100644 --- a/sys/security/audit/audit_syscalls.c +++ b/sys/security/audit/audit_syscalls.c @@ -304,9 +304,12 @@ auditon(struct thread *td, struct auditon_args *uap) if (udata.au_aupinfo.ap_pid < 1) return (EINVAL); - /* XXXAUDIT: p_cansee()? */ if ((tp = pfind(udata.au_aupinfo.ap_pid)) == NULL) return (EINVAL); + if (p_cansee(td, tp) != 0) { + PROC_UNLOCK(tp); + return (EINVAL); + } udata.au_aupinfo.ap_auid = tp->p_au->ai_auid; udata.au_aupinfo.ap_mask.am_success = @@ -324,9 +327,12 @@ auditon(struct thread *td, struct auditon_args *uap) if (udata.au_aupinfo.ap_pid < 1) return (EINVAL); - /* XXXAUDIT: p_cansee()? */ if ((tp = pfind(udata.au_aupinfo.ap_pid)) == NULL) return (EINVAL); + if (p_cansee(td, tp) != 0) { + PROC_UNLOCK(tp); + return (EINVAL); + } tp->p_au->ai_mask.am_success = udata.au_aupinfo.ap_mask.am_success; @@ -570,7 +576,7 @@ auditctl(struct thread *td, struct auditctl_args *uap) * validity checks, and grab another reference to the current * credential. * - * XXXAUDIT: On Darwin, a NULL path is used to disable audit. + * On Darwin, a NULL path argument is also used to disable audit. */ if (uap->path == NULL) return (EINVAL); -- cgit v1.1