PERFORCE change 91355 for review
Wayne Salamon
wsalamon at FreeBSD.org
Tue Feb 7 17:53:31 PST 2006
http://perforce.freebsd.org/chv.cgi?CH=91355
Change 91355 by wsalamon at gretsch on 2006/02/08 01:53:04
When generating the process token, need to check whether the
process was sucessfully audited. Otherwise, generate the PID
token. This change covers the pid < 0 cases, and pid lookup
failure cases.
Affected files ...
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_arg.c#13 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm.c#8 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_arg.c#13 (text+ko) ====
@@ -369,8 +369,9 @@
ar->k_ar.ar_arg_rgid = p->p_ucred->cr_rgid;
ar->k_ar.ar_arg_asid = p->p_au->ai_asid;
ar->k_ar.ar_arg_termid = p->p_au->ai_termid;
+ ar->k_ar.ar_arg_pid = p->p_pid;
ARG_SET_VALID(ar, ARG_AUID | ARG_EUID | ARG_EGID | ARG_RUID |
- ARG_RGID | ARG_ASID | ARG_TERMID | ARG_PROCESS);
+ ARG_RGID | ARG_ASID | ARG_TERMID | ARG_PID | ARG_PROCESS);
}
void
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm.c#8 (text+ko) ====
@@ -223,20 +223,17 @@
} while (0)
#define PROCESS_PID_TOKENS(argn) do { \
- if (ARG_IS_VALID(kar, ARG_PID)) { \
- if ((ar->ar_arg_pid > 0) /* Kill a single process */ \
- && (ARG_IS_VALID(kar, ARG_PROCESS))) { \
- tok = au_to_process(ar->ar_arg_auid, \
- ar->ar_arg_euid, ar->ar_arg_egid, \
- ar->ar_arg_ruid, ar->ar_arg_rgid, \
- ar->ar_arg_pid, ar->ar_arg_asid, \
- &ar->ar_arg_termid); \
- kau_write(rec, tok); \
- } else { \
- tok = au_to_arg32(argn, "process", \
- ar->ar_arg_pid); \
- kau_write(rec, tok); \
- } \
+ if ((ar->ar_arg_pid > 0) /* Reference a single process */ \
+ && (ARG_IS_VALID(kar, ARG_PROCESS))) { \
+ tok = au_to_process(ar->ar_arg_auid, \
+ ar->ar_arg_euid, ar->ar_arg_egid, \
+ ar->ar_arg_ruid, ar->ar_arg_rgid, \
+ ar->ar_arg_pid, ar->ar_arg_asid, \
+ &ar->ar_arg_termid); \
+ kau_write(rec, tok); \
+ } else if (ARG_IS_VALID(kar, ARG_PID)) { \
+ tok = au_to_arg32(argn, "process", ar->ar_arg_pid); \
+ kau_write(rec, tok); \
} \
} while (0) \
More information about the p4-projects
mailing list