cvs commit: src/usr.bin/su su.c

Ruslan Ermilov ru at freebsd.org
Tue Oct 24 08:48:01 UTC 2006


On Tue, Oct 24, 2006 at 08:18:10AM +0000, Maxim Sobolev wrote:
> sobomax     2006-10-24 08:18:10 UTC
> 
>   FreeBSD src repository
> 
>   Modified files:
>     usr.bin/su           su.c 
>   Log:
>   Ignore SIGSYS when BSM is compiled in. Otherwise, attempt to invoke su on
>   system that don't have audit framefork compiled into kernel or ia32 binary
>   on amd64 system will result in SIGSYS. There is one place in su.c itself
>   where it tries to check for errno != ENOSYS, but it has been a nop since su
>   does not catch SIGSYS anyway. There are few other places in libbsm,
>   where attempt to invoke audit syscal would result in SIGSYS if no audit
>   support is present in the kernel, so that the only reliable method for
>   now is to disable SIGSYS completely in the case when BSM is compiled in.
>   
>   In the long run, both direct invocation of audit-related syscalls and
>   libbsm should be made more intellegent to handle the case when BSM is not
>   compiled into the kernel gracefully.
>   
>   MFC after: 3 days
>              (provided re@ approval)
>   
>   Revision  Changes    Path
>   1.82      +2 -0      src/usr.bin/su/su.c
> 
I don't have "options AUDIT" compiled into my amd64/i386 kernels, and
"truss su" shows this (on amd64):

: geteuid()                                        = 0 (0x0)
: getauid(0x7fffffffe4fc)                          ERR#78 'Function not implemented'

The audit_syscalls.c is always compiled in:

: # grep audit_syscalls /sys/conf/files
: security/audit/audit_syscalls.c standard

And in the "#else /* !AUDIT *" case, it just returns ENOSYS:

: int
: getauid(struct thread *td, struct getauid_args *uap)
: {
: 
:         return (ENOSYS);
: }

How that could result in SIGSYS, I don't get it?


Cheers,
-- 
Ruslan Ermilov
ru at FreeBSD.org
FreeBSD committer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-src/attachments/20061024/21108547/attachment.pgp


More information about the cvs-src mailing list