Author: rwatson
Date: Tue Nov 22 00:41:24 2016
New Revision: 308947
URL: https://svnweb.freebsd.org/changeset/base/308947
Log:
Audit 'fd' and 'cmd' arguments to fcntl(2), and when generating BSM,
always audit the file-descriptor number and vnode information for all
fnctl(2) commands, not just locking-related ones. This was likely an
oversight in the original adaptation of this code from XNU.
MFC after: 3 days
Sponsored by: DARPA, AFRL
Modified:
head/sys/kern/kern_descrip.c
head/sys/security/audit/audit_bsm.c
Modified: head/sys/kern/kern_descrip.c
==============================================================================
--- head/sys/kern/kern_descrip.c Tue Nov 22 00:27:19 2016
(r308946)
+++ head/sys/kern/kern_descrip.c Tue Nov 22 00:41:24 2016
(r308947)
@@ -495,6 +495,8 @@ kern_fcntl(struct thread *td, int fd, in
p = td->td_proc;
fdp = p->p_fd;
+ AUDIT_ARG_FD(cmd);
+ AUDIT_ARG_CMD(cmd);
switch (cmd) {
case F_DUPFD:
tmp = arg;
Modified: head/sys/security/audit/audit_bsm.c
==============================================================================
--- head/sys/security/audit/audit_bsm.c Tue Nov 22 00:27:19 2016
(r308946)
+++ head/sys/security/audit/audit_bsm.c Tue Nov 22 00:41:24 2016
(r308947)
@@ -979,10 +979,7 @@ kaudit_to_bsm(struct kaudit_record *kar,
au_fcntl_cmd_to_bsm(ar->ar_arg_cmd));
kau_write(rec, tok);
}
- if (ar->ar_arg_cmd == F_GETLK || ar->ar_arg_cmd == F_SETLK ||
- ar->ar_arg_cmd == F_SETLKW) {
- FD_VNODE1_TOKENS;
- }
+ FD_VNODE1_TOKENS;
break;
case AUE_FCHFLAGS:
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
