sample 5.3 based trusted os ;-)

Martin Englund Martin.Englund at Sun.COM
Fri Jan 21 22:14:21 GMT 2005



rwatson at FreeBSD.org wrote:

> Since we have your ear -- one of the ongoing concerns in the FreeBSD port
> of the Darwin audit parts has been the reliable generation of path names
> for file operations.  Path names seem like an unreliable thing at the best
> of times on most UNIX systems -- files with 0, 1, or more names, covered
> mount points, hard links, non-canonical names, etc.  How hard does Solaris
> try to generate "reliable" path names, and are the caveats and design
> choices in path name generation for Audit currently publicly documented
> somewhere?  Finding "a name" is typically fairly straightforward, but
> presumably the real value in a path name is how consistently available and
> useful it is for post-processing -- knowing what applications consuming
> BSM audit streams expect would be very helpful in knowing just how hard to
> make the FreeBSD kernel try to generate a useful name.
>
We use a system call called resolvepath(2)[1] on all filenames before they 
end up in the audit trail, so all soft links get resolved (the path token).

We also record the mode, owner, group, filesystem id, inode and device id;
see the attribute token (we use the statvfs(2)[2] system call). That way we 
can distinguish between hard linked files.

Then we can also enable the exec_args token, which lists exactly what 
arguments you passed to an exec(2). That helps you spot when someone 
invoked /bin/foo which is a soft link to /bin/bar.

[1] <http://docs.sun.com/app/docs/doc/816-5167/6mbb2jajv?a=view>
[2] <http://docs.sun.com/app/docs/doc/816-5167/6mbb2jald?a=view>

cheers,
/Martin
-- 
Martin Englund, Senior Network Security Engineer, Sun IT Security Office
Email: martin.englund at sun.com  Time Zone: MEST/UTC+1  PGP: 1024D/4CDCB50F
"The question is not if you are paranoid, it is if you are paranoid enough."