PERFORCE change 85448 for review
John Baldwin
jhb at freebsd.org
Mon Oct 17 19:38:30 GMT 2005
On Monday 17 October 2005 11:42 am, Robert Watson wrote:
> http://perforce.freebsd.org/chv.cgi?CH=85448
>
> Change 85448 by rwatson at rwatson_zoo on 2005/10/17 15:41:26
>
> In execve(), audit the path name being executed. Annotate that it
> would also be good to audit the pathname of the interpreter, if
> any.
It's not a huge deal to do that, you know; add the AUDITVNPATH1 flag to the
various name lookups in imgact_foo.c.
> Affected files ...
>
> .. //depot/projects/trustedbsd/audit3/sys/kern/kern_exec.c#5 edit
>
> Differences ...
>
> ==== //depot/projects/trustedbsd/audit3/sys/kern/kern_exec.c#5 (text+ko)
> ====
>
> @@ -350,10 +350,13 @@
> /*
> * Translate the file name. namei() returns a vnode pointer
> * in ni_vp amoung other things.
> + *
> + * XXXAUDIT: It would be desirable to also audit the name of the
> + * interpreter if this is an interpreted binary.
> */
> ndp = &nd;
> - NDINIT(ndp, LOOKUP, ISOPEN | LOCKLEAF | FOLLOW | SAVENAME | MPSAFE,
> - UIO_SYSSPACE, args->fname, td);
> + NDINIT(ndp, LOOKUP, ISOPEN | LOCKLEAF | FOLLOW | SAVENAME | MPSAFE |
> + AUDITVNPATH1, UIO_SYSSPACE, args->fname, td);
>
> interpret:
> error = namei(ndp);
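Review bot: The AUDITVNPATH1 flag is added only to the NDINIT that sits before the `interpret:` label, so it covers the lookup of args->fname and nothing else. Any pass that re-enters at `interpret:` calls namei(ndp) with whatever flags ndp was re-initialised with elsewhere, so for an interpreted binary the audit record names the script but not the program that actually runs. The XXXAUDIT comment acknowledges this; it would help if it also said where the interpreter lookup is set up, so the follow-up is easy to find. If the interpreter lookup later gets the same flag, check whether it should go in a separate path slot from the script name, so the record keeps both paths rather than one replacing the other.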
--
John Baldwin <jhb at FreeBSD.org> <>< http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve" = http://www.FreeBSD.org