PERFORCE change 85458 for review
Robert Watson
rwatson at FreeBSD.org
Mon Oct 17 12:20:38 PDT 2005
http://perforce.freebsd.org/chv.cgi?CH=85458
Change 85458 by rwatson at rwatson_peppercorn on 2005/10/17 19:20:18
Audit the path passed to the acct() system call. Annotate that we
will need to add an argument token in the event that accounting is
being disabled by the system call.
Affected files ...
.. //depot/projects/trustedbsd/audit3/sys/kern/kern_acct.c#5 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/sys/kern/kern_acct.c#5 (text+ko) ====
@@ -143,7 +143,8 @@
* appending and make sure it's a 'normal'.
*/
if (uap->path != NULL) {
- NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td);
+ NDINIT(&nd, LOOKUP, NOFOLLOW | AUDITVNPATH1, UIO_USERSPACE,
+ uap->path, td);
flags = FWRITE | O_APPEND;
error = vn_open(&nd, &flags, 0, -1);
if (error)
@@ -165,6 +166,9 @@
}
#ifdef MAC
} else {
+ /*
+ * XXXAUDIT: Need to audit that accounting is being disabled.
+ */
error = mac_check_system_acct(td->td_ucred, NULL);
if (error)
goto done2;
More information about the p4-projects
mailing list