PERFORCE change 85458 for review
Robert Watson
rwatson at FreeBSD.org
Mon Oct 17 19:20:37 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=85458
Change 85458 by rwatson at rwatson_peppercorn on 2005/10/17 19:20:18
Audit the path passed to the acct() system call. Annotate that we
will need to add an argument token in the event that accounting is
being disabled by the system call.
Affected files ...
.. //depot/projects/trustedbsd/audit3/sys/kern/kern_acct.c#5 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/sys/kern/kern_acct.c#5 (text+ko) ====
@@ -143,7 +143,8 @@
* appending and make sure it's a 'normal'.
*/
if (uap->path != NULL) {
- NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td);
+ NDINIT(&nd, LOOKUP, NOFOLLOW | AUDITVNPATH1, UIO_USERSPACE,
+ uap->path, td);
flags = FWRITE | O_APPEND;
error = vn_open(&nd, &flags, 0, -1);
if (error)
@@ -165,6 +166,9 @@
}
#ifdef MAC
} else {
+ /*
+ * XXXAUDIT: Need to audit that accounting is being disabled.
+ */
error = mac_check_system_acct(td->td_ucred, NULL);
if (error)
goto done2;
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list