Date: Mon, 17 Oct 2005 15:42:27 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 85448 for review Message-ID: <200510171542.j9HFgRhI073994@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=85448 Change 85448 by rwatson@rwatson_zoo on 2005/10/17 15:41:26 In execve(), audit the path name being executed. Annotate that it would also be good to audit the pathname of the interpreter, if any. Affected files ... .. //depot/projects/trustedbsd/audit3/sys/kern/kern_exec.c#5 edit Differences ... ==== //depot/projects/trustedbsd/audit3/sys/kern/kern_exec.c#5 (text+ko) ==== @@ -350,10 +350,13 @@ /* * Translate the file name. namei() returns a vnode pointer * in ni_vp amoung other things. + * + * XXXAUDIT: It would be desirable to also audit the name of the + * interpreter if this is an interpreted binary. */ ndp = &nd; - NDINIT(ndp, LOOKUP, ISOPEN | LOCKLEAF | FOLLOW | SAVENAME | MPSAFE, - UIO_SYSSPACE, args->fname, td); + NDINIT(ndp, LOOKUP, ISOPEN | LOCKLEAF | FOLLOW | SAVENAME | MPSAFE | + AUDITVNPATH1, UIO_SYSSPACE, args->fname, td); interpret: error = namei(ndp);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200510171542.j9HFgRhI073994>