PERFORCE change 75803 for review
Wayne Salamon
wsalamon at FreeBSD.org
Sat Apr 23 13:06:33 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=75803
Change 75803 by wsalamon at rickenbacker on 2005/04/23 13:06:32
Audit the fork(), vfork(), and rfork() system calls. Change the
test program to match, but comment out some unused bits for now.
Affected files ...
.. //depot/projects/trustedbsd/audit3/sys/kern/kern_fork.c#4 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#7 edit
.. //depot/projects/trustedbsd/audit3/tools/regression/audit/test/process/tfork.c#3 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/sys/kern/kern_fork.c#4 (text+ko) ====
@@ -139,6 +139,7 @@
if ((uap->flags & RFKERNELONLY) != 0)
return (EINVAL);
+ AUDIT_ARG(fflags, uap->flags);
error = fork1(td, uap->flags, 0, &p2);
if (error == 0) {
td->td_retval[0] = p2 ? p2->p_pid : 0;
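Review bot: `AUDIT_ARG(fflags, uap->flags)` sits after the `RFKERNELONLY` check, so an rfork() call rejected with EINVAL returns before its flags are captured. If a record is still committed for the failed call, it will not show which flags were refused, which is the detail a reviewer of the audit trail would want. Moving `AUDIT_ARG(fflags, uap->flags);` above the `if ((uap->flags & RFKERNELONLY) != 0)` test covers both outcomes. The function starts and ends outside this hunk.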
@@ -412,6 +413,7 @@
p2 = newproc;
p2->p_state = PRS_NEW; /* protect against others */
p2->p_pid = trypid;
+ AUDIT_ARG(pid, p2->p_pid);
LIST_INSERT_HEAD(&allproc, p2, p_list);
LIST_INSERT_HEAD(PIDHASH(p2->p_pid), p2, p_hash);
sx_xunlock(&allproc_lock);
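Review bot: `AUDIT_ARG(pid, p2->p_pid)` is placed inside the shared PID-assignment path rather than in the three syscall wrappers, and nothing at the call site says what happens when the calling thread has no audit record. If this function is also reached from in-kernel callers (not visible in this hunk), the macro has to be a safe no-op there. Once that is confirmed against the macro definition, state it in a comment such as `/* Record the child PID for the audit record; no-op when the thread is not being audited. */`. The enclosing function extends beyond the hunk on both sides.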
==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#7 (text+ko) ====
@@ -672,6 +672,10 @@
FD_KPATH1_VNODE1_TOKENS;
break;
+ case AUE_RFORK:
+ tok = au_to_arg32(1, "flags", ar->ar_arg_fflags);
+ kau_write(rec, tok);
+ /* fall through */
case AUE_FORK:
case AUE_VFORK:
tok = au_to_arg32(0, "child PID", ar->ar_arg_pid);
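Review bot: The new `AUE_RFORK` case and the shared `AUE_FORK`/`AUE_VFORK` path build tokens from `ar->ar_arg_fflags` and `ar->ar_arg_pid` unconditionally, but neither field is guaranteed to have been set. In the kern_fork.c hunks the flags are recorded only after the `RFKERNELONLY` check and the PID only once one has been assigned, so a failed fork, or presumably an rfork() that creates no new process, would yield a record with a stale or zero "child PID". If the audit record tracks which arguments were captured, guard each `au_to_arg32()` call on that; otherwise give the fields a defined initial value and say so in a comment. The switch continues beyond the hunk.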
==== //depot/projects/trustedbsd/audit3/tools/regression/audit/test/process/tfork.c#3 (text+ko) ====
@@ -26,6 +26,7 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <audittest.h>
+#include <unistd.h>
#include <sys/fcntl.h>
#include <sys/uio.h>
#include <sys/ktrace.h>
@@ -45,12 +46,14 @@
void sig_handler(int sig, siginfo_t *sip, struct sigcontext *scp) {
+#if 0
/* Generate an AUE_PTRACE record */
if (ptrace(PT_CONTINUE, child_pid, (caddr_t)1, SIGKILL) < 0) {
AUT_PERROR("ptrace(PT_CONTINUE)");
exit(1);
}
aut_assert(AUE_PTRACE);
+#endif
/* We don't want to see the child dies signal */
act.sa_handler = SIG_DFL;
sigaction(SIGCHLD, &act, NULL);
@@ -78,37 +81,60 @@
/* Generate an AUE_FORK record */
if ((child_pid = fork()) < 0)
AUT_PERROR("fork");
- aut_assert(AUE_FORK);
/* Generate a success AUE_EXECVE record */
if (child_pid == 0) {
execv("child", argv);
AUT_PERROR("child one did not execute");
}
+ aut_assert(AUE_FORK);
aut_assert(AUE_EXECVE);
+#if 0
/* Generate an AUE_PTRACE record */
if (ptrace(PT_ATTACH, child_pid, NULL, 0) < 0)
AUT_PERROR("ptrace(PT_ATTACH)");
aut_assert(AUE_PTRACE);
+#endif
while (wait(&status) != child_pid)
;
+#if 0
/* Generate a failure AUE_PTRACE record */
ptrace(PT_ATTACH, 0, NULL, 16384);
-
+#endif
/* Generate an AUE_VFORK record */
if ((child_pid = vfork()) < 0)
AUT_PERROR("vfork");
+
+ /* Generate another success AUE_EXECVE record */
+ if (child_pid == 0) {
+ execv("child", argv);
+ AUT_PERROR("child two did not execute");
+ }
aut_assert(AUE_VFORK);
+ aut_assert(AUE_EXECVE);
+
+ while (wait(&status) != child_pid)
+ ;
+ /* Generate an AUE_RFORK record */
+ if ((child_pid = rfork(RFPROC)) < 0)
+ AUT_PERROR("rfork");
+
/* Generate another success AUE_EXECVE record */
if (child_pid == 0) {
execv("child", argv);
AUT_PERROR("child two did not execute");
}
+ aut_assert(AUE_RFORK);
+ aut_assert(AUE_EXECVE);
+
+ while (wait(&status) != child_pid)
+ ;
+#if 0
if (open(ktrace_file, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR) < 0) {
AUT_PERROR("open of ktrace file");
exit(1);
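Review bot: In each `if (child_pid == 0)` branch the child falls through into the parent's code when `execv()` fails, because `AUT_PERROR()` does not appear to terminate (the `open()` error path in this hunk follows it with `exit(1)`). For the `vfork()` child this is worse, since it shares the parent's address space until it execs or exits, so running `aut_assert()` and the later tests there can corrupt the parent's state. Add `_exit(1);` after the `AUT_PERROR(...)` line in every child branch; `<unistd.h>` is now included. The same defect is in the last hunk (`@@ -130,6 +156,10 @@`), where `execv("aChildThatDoesntExist", argv)` is meant to fail and the vfork child then reaches the new `aut_assert()` calls, `unlink()` and `aut_shutdown()`; write it as `if (child_pid == 0) { execv("aChildThatDoesntExist", argv); _exit(1); }`. The message `"child two did not execute"` is also shared by the vfork and rfork children and should be made distinct.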
@@ -121,7 +147,7 @@
/* Generate an AUE_KTRACE record with a bad filename */
ktrace("ANonExistentKtraceFile", KTROP_SET, KTRFAC_SYSCALL, child_pid);
-
+#endif
/* Generate another AUE_VFORK record */
if ((child_pid = vfork()) < 0)
AUT_PERROR("vfork");
@@ -130,6 +156,10 @@
if (child_pid == 0)
execv("aChildThatDoesntExist", argv);
+ aut_assert(AUE_VFORK);
+ /* A failure AUE_EXECVE record */
+ aut_assert(AUE_EXECVE);
+
unlink(ktrace_file);
aut_shutdown();