PERFORCE change 85448 for review
Robert Watson
rwatson at FreeBSD.org
Mon Oct 17 15:42:27 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=85448
Change 85448 by rwatson at rwatson_zoo on 2005/10/17 15:41:26
In execve(), audit the path name being executed. Annotate that it
would also be good to audit the pathname of the interpreter, if
any.
Affected files ...
.. //depot/projects/trustedbsd/audit3/sys/kern/kern_exec.c#5 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/sys/kern/kern_exec.c#5 (text+ko) ====
@@ -350,10 +350,13 @@
/*
* Translate the file name. namei() returns a vnode pointer
* in ni_vp amoung other things.
+ *
+ * XXXAUDIT: It would be desirable to also audit the name of the
+ * interpreter if this is an interpreted binary.
*/
ndp = &nd;
- NDINIT(ndp, LOOKUP, ISOPEN | LOCKLEAF | FOLLOW | SAVENAME | MPSAFE,
- UIO_SYSSPACE, args->fname, td);
+ NDINIT(ndp, LOOKUP, ISOPEN | LOCKLEAF | FOLLOW | SAVENAME | MPSAFE |
+ AUDITVNPATH1, UIO_SYSSPACE, args->fname, td);
interpret:
error = namei(ndp);
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list