PERFORCE change 85443 for review
Robert Watson
rwatson at FreeBSD.org
Mon Oct 17 14:39:04 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=85443
Change 85443 by rwatson at rwatson_zoo on 2005/10/17 14:38:23
Audit the pid being requested in wait4(). Solaris appears not to
audit wait4(), so we don't currently model it on a standard BSM
audit record.
Affected files ...
.. //depot/projects/trustedbsd/audit3/sys/kern/kern_exit.c#9 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#22 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/sys/kern/kern_exit.c#9 (text+ko) ====
@@ -594,6 +594,8 @@
struct proc *p, *q, *t;
int error, nfound;
+ AUDIT_ARG(pid, pid);
+
q = td->td_proc;
if (pid == 0) {
PROC_LOCK(q);
==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#22 (text+ko) ====
@@ -1018,6 +1018,11 @@
kau_write(rec, tok);
break;
+ case AUE_WAIT4:
+ tok = au_to_arg32(0, "pid", ar->ar_arg_pid);
+ kau_write(rec, tok);
+ break;
+
default: /* We shouldn't fall through to here. */
printf("BSM conversion requested for unknown event %d\n",
ar->ar_event);
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list