PERFORCE change 85462 for review
Robert Watson
rwatson at FreeBSD.org
Mon Oct 17 19:38:03 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=85462
Change 85462 by rwatson at rwatson_peppercorn on 2005/10/17 19:37:34
For kill() and okillpg(), audit the target process (if just one), or
the pid if it's a broadcast. Note that we might want to audit
okillpg() as AUE_KILL, and if so, we'll need to negate the argument.
Affected files ...
.. //depot/projects/trustedbsd/audit3/sys/kern/kern_sig.c#7 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/sys/kern/kern_sig.c#7 (text+ko) ====
@@ -1399,12 +1399,14 @@
if ((p = zpfind(uap->pid)) == NULL)
return (ESRCH);
}
+ AUDIT_ARG(process, p);
error = p_cansignal(td, p, uap->signum);
if (error == 0 && uap->signum)
psignal(p, uap->signum);
PROC_UNLOCK(p);
return (error);
}
+ AUDIT_ARG(pid, uap->pid);
switch (uap->pid) {
case -1: /* broadcast signal */
return (killpg1(td, uap->signum, 0, 1));
@@ -1433,7 +1435,13 @@
register struct okillpg_args *uap;
{
+ /*
+ * XXXAUDIT: We might want to use AUE_KILL and -uap->pgid instead of
+ * this here. That would avoid using a non-BSM audit event type
+ * without losing much information.
+ */
AUDIT_ARG(signum, uap->signum);
+ AUDIT_ARG(pid, uap->pgid);
if ((u_int)uap->signum > _SIG_MAXSIG)
return (EINVAL);
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list