Date: Tue, 19 Sep 2006 13:22:58 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 106344 for review Message-ID: <200609191322.k8JDMwKR052009@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=106344 Change 106344 by rwatson@rwatson_zoo on 2006/09/19 13:22:42 Integrate TrustedBSD OpenBSM branch to audit3 user space -- primarily addition of audit_control(5) policy field and fixes to exec argument token processing. Affected files ... .. //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#14 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#15 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#18 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_open.3#3 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#19 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/libbsm.3#8 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_control.5#8 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/test/samples/execve-long-args.trail#1 branch Differences ... ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#14 (text+ko) ==== @@ -24,7 +24,11 @@ - Update audump to print the audit_control policy field. - Update auditd to read the audit_control policy field and set the kernel policy to match it when configuring/reconfiguring. Remove the -s and -h - arguments as these policies are now set via the configuration file. + arguments as these policies are now set via the configuration file. If a + policy line is not found in the configuration file, continue with the + current default of setting AUDIT_CNT. +- Fix bugs in the parsing of large execve(2) arguments and environmental + variable tokens; increase maximum parsed argument and variable count. OpenBSM 1.0 alpha 10 
@@ -237,4 +241,4 @@ to support reloading of kernel event table. - Allow comments in /etc/security configuration files. -$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#13 $ +$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#14 $ ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#15 (text+ko) ==== @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#14 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#15 $ */ #include <sys/types.h> @@ -789,12 +789,22 @@ syslog(LOG_ERR, "Failed to obtain non-attributable event mask."); + /* + * If a policy is configured in audit_control(5), implement the + * policy. However, if one isn't defined, set AUDIT_CNT to avoid + * leaving the system in a fragile state. + */ if ((getacpol(polstr, POL_STR_SIZE) == 0) && (au_strtopol(polstr, &policy) == 0)) { if (auditon(A_SETPOLICY, &policy, sizeof(policy))) - syslog(LOG_ERR, "Failed to set audit policy."); - } else - syslog(LOG_ERR, "Failed to obtain policy flags."); + syslog(LOG_ERR, "Failed to set audit policy: %m"); + } else { + syslog(LOG_ERR, "Failed to obtain policy flags: %m"); + policy = AUDIT_CNT; + if (auditon(A_SETPOLICY, &policy, sizeof(policy))) + syslog(LOG_ERR, + "Failed to set default audit policy: %m"); + } return (0); } ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#18 (text+ko) ==== @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#17 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#18 $ */ #ifndef _LIBBSM_H_ @@ -37,9 +37,6 @@ * solely to allow OpenSSH to compile; Darwin/Apple code should not use them. */ -#define AUDIT_MAX_ARGS 10 -#define AUDIT_MAX_ENV 10 - #include <sys/types.h> #include <sys/cdefs.h> 
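Review bot: In the auditd.c hunk at -789,12 +789,22, the new `else` branch handles a missing policy line and an unparsable one identically, so both end up at `policy = AUDIT_CNT`. A mistyped audit_control(5) policy that was meant to be stricter than continue-on-failure would be replaced by the permissive default with only the generic "Failed to obtain policy flags" line in syslog. Consider splitting the two calls so that an `au_strtopol()` failure logs the rejected text, for example `syslog(LOG_ERR, "Invalid audit policy \"%s\"; using default", polstr);`. The `%m` on that message may also print an unrelated errno if `getacpol()` reports an absent line without setting it, which cannot be confirmed from these lines. The enclosing function starts outside the hunk.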
@@ -55,13 +52,25 @@ #include <mach/mach.h> /* audit_token_t */ #endif +/* + * Size parsed token vectors for execve(2) arguments and environmental + * variables. Note: changing these sizes affects the ABI of the token + * structure, and as the token structure is often placed in the caller stack, + * this is undesirable. + */ +#define AUDIT_MAX_ARGS 128 +#define AUDIT_MAX_ENV 128 + +/* + * Arguments to au_preselect(3). + */ +#define AU_PRS_USECACHE 0 +#define AU_PRS_REREAD 1 + #define AU_PRS_SUCCESS 1 #define AU_PRS_FAILURE 2 #define AU_PRS_BOTH (AU_PRS_SUCCESS|AU_PRS_FAILURE) -#define AU_PRS_USECACHE 0 -#define AU_PRS_REREAD 1 - #define AUDIT_EVENT_FILE "/etc/security/audit_event" #define AUDIT_CLASS_FILE "/etc/security/audit_class" #define AUDIT_CONTROL_FILE "/etc/security/audit_control" ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_open.3#3 (text+ko) ==== @@ -23,16 +23,17 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_open.3#2 $ +.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_open.3#3 $ .\" .Dd March 4, 2006 .Dt AU_OPEN 3 .Os .Sh NAME +.Nm au_close , +.Nm au_close_buffer , +.Nm au_close_token , .Nm au_open , -.Nm au_write , -.Nm au_close , -.Nm au_close_buffer +.Nm au_write .Nd "Create and commit audit records" .Sh LIBRARY .Lb libbsm @@ -120,6 +121,7 @@ information in .Va errno . .Sh SEE ALSO +.Xr audit_submit 3 , .Xr libbsm 3 .Sh AUTHORS This software was created by Robert Watson, Wayne Salamon, and Suresh ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#19 (text+ko) ==== @@ -31,7 +31,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#18 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#19 $ */ #include <sys/types.h> 
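Review bot: Raising `AUDIT_MAX_ARGS` and `AUDIT_MAX_ENV` from 10 to 128 in the libbsm.h hunk at -55,13 +52,25 enlarges the parsed token structure, as the new comment admits, but nothing visible in this change bumps the library version or tells consumers to rebuild. A program compiled against the old header and run with the new library would pass a token sized for 10-entry `text[]` arrays to fetch routines that may now store up to 128 pointers, which could write past the caller's stack object. I would extend the comment with a line such as `* Consumers that embed the token structure must be recompiled when these values change.`, and confirm that the shared-library version is handled elsewhere.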
@@ -1190,7 +1190,8 @@ for (i = 0; i < tok->tt.execarg.count; i++) { bptr = buf + tok->len; - tok->tt.execarg.text[i] = bptr; + if (i < AUDIT_MAX_ARGS) + tok->tt.execarg.text[i] = bptr; /* Look for a null terminated string. */ while (bptr && (*bptr != '\0')) { @@ -1202,6 +1203,8 @@ return (-1); tok->len++; /* \0 character */ } + if (tok->tt.execarg.count > AUDIT_MAX_ARGS) + tok->tt.execarg.count = AUDIT_MAX_ARGS; return (0); } @@ -1235,9 +1238,10 @@ if (err) return (-1); - for (i = 0; i< tok->tt.execenv.count; i++) { + for (i = 0; i < tok->tt.execenv.count; i++) { bptr = buf + tok->len; - tok->tt.execenv.text[i] = bptr; + if (i < AUDIT_MAX_ENV) + tok->tt.execenv.text[i] = bptr; /* Look for a null terminated string. */ while (bptr && (*bptr != '\0')) { @@ -1249,6 +1253,8 @@ return (-1); tok->len++; /* \0 character */ } + if (tok->tt.execenv.count > AUDIT_MAX_ENV) + tok->tt.execenv.count = AUDIT_MAX_ENV; return (0); } ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/libbsm.3#8 (text+ko) ==== @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/libbsm.3#7 $ +.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/libbsm.3#8 $ .\" .Dd April 19, 2005 .Dt LIBBSM 3 @@ -55,15 +55,18 @@ .Xr au_notify 3 , .Xr au_stream 3 , .Xr au_token 3 , +and .Xr au_user 3 -man pages. +manual pages. .Ss Audit Event Stream Interfaces Audit event stream interfaces support interaction with file-backed audit event streams: -.Xr au_close 3 . +.Xr au_close 3 , +.Xr au_close_buffer 3 , .Xr au_free_token 3 , .Xr au_open 3 , .Xr au_write 3 , +.Xr audit_submit 3 . .Ss Audit Class Interfaces Audit class interfaces support the look up of information from the .Xr audit_class 5 
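Review bot: The clamps added after the loops in bsm_io.c (`tok->tt.execarg.count = AUDIT_MAX_ARGS;` in the hunk at -1202, and the `execenv` equivalent at -1249) drop the original count without leaving any trace that the record was truncated. A trail reader printing the token can no longer tell an exec with exactly 128 strings from a longer one whose tail was skipped, which matters when the trail is used as evidence. Since the structure layout is ABI-sensitive, at minimum add a comment at each clamp, such as `/* Strings beyond AUDIT_MAX_ARGS were skipped above and are not reported to the caller. */`, and state the limit in the token manual page. Separately, `bptr` in `while (bptr && (*bptr != '\0'))` is derived from `buf + tok->len` and so is never NULL. The real bound on the scan must be the length check inside the loop body, which lies outside these hunks.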
@@ -83,7 +86,10 @@ .Xr getacdir 3 , .Xr getacflg 3 , .Xr getacmin 3 , -.Xr getacna 3 . +.Xr getacna 3 , +.Xr getacpol 3 , +.Xr au_poltostr 3 , +.Xr au_strtopol 3 . .Ss Audit Event Interfaces Audit event interfaces support the look up of information from the .Xr audit_event 5 @@ -188,6 +194,7 @@ .Xr au_stream 3 , .Xr au_token 3 , .Xr au_user 3 , +.Xr audit_submit 3 , .Xr audit_class 5 , .Xr audit_control 5 .Sh AUTHORS ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_control.5#8 (text+ko) ==== @@ -25,7 +25,7 @@ .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_control.5#7 $ +.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_control.5#8 $ .\" .Dd January 4, 2006 .Dt AUDIT_CONTROL 5 @@ -113,7 +113,7 @@ implemented on FreeBSD or Darwin). .It group Include supplementary groups list in generated audit records (not implemented -on FreeBSD or Darwin; supplementary groupsi are never included in records on +on FreeBSD or Darwin; supplementary groups are never included in records on these systems). .It trail Append a trailer token to each audit record (not implemented on FreeBSD or