svn commit: r195247 - in head/sys: kern security/audit

Robert Watson rwatson at FreeBSD.org
Wed Jul 1 16:56:57 UTC 2009


Author: rwatson
Date: Wed Jul  1 16:56:56 2009
New Revision: 195247
URL: http://svn.freebsd.org/changeset/base/195247

Log:
  When auditing unmount(2), capture FSID arguments as regular text strings
  rather than as paths, which would lead to them being treated as relative
  pathnames and hence confusingly converted into absolute pathnames.
  
  Capture flags to unmount(2) via an argument token.
  
  Approved by:	re (audit argument blanket)
  MFC after:	3 days

Modified:
  head/sys/kern/vfs_mount.c
  head/sys/security/audit/audit_bsm.c

Modified: head/sys/kern/vfs_mount.c
==============================================================================
--- head/sys/kern/vfs_mount.c	Wed Jul  1 16:42:03 2009	(r195246)
+++ head/sys/kern/vfs_mount.c	Wed Jul  1 16:56:56 2009	(r195247)
@@ -1113,6 +1113,7 @@ unmount(td, uap)
 	char *pathbuf;
 	int error, id0, id1;
 
+	AUDIT_ARG_VALUE(uap->flags);
 	if (jailed(td->td_ucred) || usermount == 0) {
 		error = priv_check(td, PRIV_VFS_UNMOUNT);
 		if (error)
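Review bot: With `AUDIT_ARG_VALUE(uap->flags);` placed ahead of the `priv_check()` call, an unmount that is denied for lack of PRIV_VFS_UNMOUNT yields a record that carries the flags but not the target, because the path or FSID string is only captured in the later hunks. When reviewing unauthorized unmount attempts the target is usually the more useful field. Consider capturing the string before the privilege check, or document the omission with a comment such as `/* Target is audited only after the privilege check and copy-in succeed. */`. The copy-in code lies between this hunk and the next and is not visible here, so confirm the ordering against the full function.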
@@ -1125,9 +1126,9 @@ unmount(td, uap)
 		free(pathbuf, M_TEMP);
 		return (error);
 	}
-	AUDIT_ARG_UPATH(td, pathbuf, ARG_UPATH1);
 	mtx_lock(&Giant);
 	if (uap->flags & MNT_BYFSID) {
+		AUDIT_ARG_TEXT(pathbuf);
 		/* Decode the filesystem ID. */
 		if (sscanf(pathbuf, "FSID:%d:%d", &id0, &id1) != 2) {
 			mtx_unlock(&Giant);
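Review bot: The new `AUDIT_ARG_TEXT(pathbuf);` in the MNT_BYFSID branch has no comment explaining why this branch audits the string as text while the else branch (next hunk) keeps `AUDIT_ARG_UPATH`; the rationale exists only in the commit log. A one-line comment above the call, such as `/* FSID strings are not pathnames; audit as text so they are not made absolute. */`, would keep a later cleanup from merging the two calls back together. The string is recorded before the `sscanf()` check, so malformed FSID input also reaches the trail, and consumers of the text token should treat it as caller-controlled data. The branch continues past the end of this hunk.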
@@ -1143,6 +1144,7 @@ unmount(td, uap)
 		}
 		mtx_unlock(&mountlist_mtx);
 	} else {
+		AUDIT_ARG_UPATH(td, pathbuf, ARG_UPATH1);
 		mtx_lock(&mountlist_mtx);
 		TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) {
 			if (strcmp(mp->mnt_stat.f_mntonname, pathbuf) == 0)

Modified: head/sys/security/audit/audit_bsm.c
==============================================================================
--- head/sys/security/audit/audit_bsm.c	Wed Jul  1 16:42:03 2009	(r195246)
+++ head/sys/security/audit/audit_bsm.c	Wed Jul  1 16:56:56 2009	(r195247)
@@ -1070,7 +1070,15 @@ kaudit_to_bsm(struct kaudit_record *kar,
 		break;
 
 	case AUE_UMOUNT:
+		if (ARG_IS_VALID(kar, ARG_VALUE)) {
+			tok = au_to_arg32(1, "flags", ar->ar_arg_value);
+			kau_write(rec, tok);
+		}
 		UPATH1_VNODE1_TOKENS;
+		if (ARG_IS_VALID(kar, ARG_TEXT)) {
+			tok = au_to_text(ar->ar_arg_text);
+			kau_write(rec, tok);
+		}
 		break;
 
 	case AUE_MSGCTL:
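Review bot: The argument number in `au_to_arg32(1, "flags", ar->ar_arg_value)` looks off by one. unmount(2) takes the directory as its first argument and flags as its second, so if arg tokens are numbered by 1-based syscall position the line should read `tok = au_to_arg32(2, "flags", ar->ar_arg_value);`. The numbering convention used by the other cases of kaudit_to_bsm() is outside this hunk and should be checked before changing it. The index matters to anyone parsing the trail, because tools that match arg tokens by number would attribute the flags to the path argument.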

