freebsd-dev/sys
Christian S.J. Peron 57274c513c Implement AUE_CORE, which adds process core dump support into the kernel.
This change introduces audit_proc_coredump() which is called by coredump(9)
to create an audit record for the coredump event.  When a process
dumps a core, it could be security relevant.  It could be an indicator that
a stack within the process has been overflowed with an incorrectly constructed
malicious payload or a number of other events.

The record that is generated looks like this:

header,111,10,process dumped core,0,Thu Oct 25 19:36:29 2007, + 179 msec
argument,0,0xb,signal
path,/usr/home/csjp/test.core
subject,csjp,csjp,staff,csjp,staff,1101,1095,50457,10.37.129.2
return,success,1
trailer,111

- We allocate a completely new record to make sure we aren't clobbering
  the audit data associated with the syscall that produced the core
  (assuming the core is being generated in response to SIGABRT and not
  an invalid memory access).
- Shuffle around expand_name() so we can use the coredump name at the very
  beginning of the coredump call.  Make sure we free the storage referenced
  by "name" if we need to bail out early.
- Audit both successful and failed coredump creation efforts

Obtained from:	TrustedBSD Project
Reviewed by:	rwatson
MFC after:	1 month
2007-10-26 01:23:07 +00:00
..
amd64 Update copyright attribution. 2007-10-24 21:16:22 +00:00
arm Add an option to be able to override the value of the AT91 master clock 2007-10-25 23:02:42 +00:00
boot Fix signedness to make gcc happy. 2007-10-25 22:50:25 +00:00
bsm Merge OpenBSM 1.0 alpha 15 changes to src/sys/bsm: 2007-07-22 12:28:13 +00:00
cam Rename the kthread_xxx (e.g. kthread_create()) calls 2007-10-20 23:23:23 +00:00
cddl Rename the kthread_xxx (e.g. kthread_create()) calls 2007-10-20 23:23:23 +00:00
compat Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
conf Add an option to be able to override the value of the AT91 master clock 2007-10-25 23:02:42 +00:00
contrib Properly drop the pf mutex around all copyout (consistency still protected 2007-10-24 20:57:17 +00:00
crypto Commit the change from FAST_IPSEC to IPSEC. The FAST_IPSEC 2007-07-03 12:13:45 +00:00
ddb Print the stack bounds of the thread. 2007-10-16 17:52:59 +00:00
dev More style nit. 2007-10-25 20:02:38 +00:00
fs Remove some debugging code that, while useful, doesn't belong in the committed 2007-10-25 08:23:08 +00:00
gdb Add kdb_cpu_sync_icache(), intended to synchronize instruction 2007-06-09 21:55:17 +00:00
geom First cut at support for booting a GPT labeled disk via the BIOS bootstrap 2007-10-24 21:33:00 +00:00
gnu Get rid of qaddr_t. 2007-10-16 10:54:55 +00:00
i4b Spelling fix for interupt -> interrupt 2007-10-12 06:03:46 +00:00
i386 Update copyright attribution. 2007-10-24 21:16:22 +00:00
ia64 Set PTE_ACCESSED in the PTE and before inserting it in the VHPT. 2007-10-16 03:20:32 +00:00
isa It seems that some i386 motherboards either do not implement the 2007-07-27 09:34:42 +00:00
kern Implement AUE_CORE, which adds process core dump support into the kernel. 2007-10-26 01:23:07 +00:00
libkern Do not use __XSCALE__ to detect if clz is available, use _ARM_ARCH_5 instead. 2007-10-13 12:05:36 +00:00
modules Add Winchiphead (or Nanjin QinHeng Electronics) USB Serial converter driver. 2007-10-18 10:51:06 +00:00
net Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
net80211 silence complaint about not loading the wlan_scan_monitor module; 2007-10-24 20:20:41 +00:00
netatalk Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
netatm Disconnect netatm from the build as it is not MPSAFE and relies on 2007-07-14 21:49:24 +00:00
netgraph Fix build with NETGRAPH_DEBUG. 2007-10-19 20:09:58 +00:00
netinet Normalize TCP syncache-related MAC Framework entry points to match most 2007-10-25 14:37:37 +00:00
netinet6 Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
netipsec Fix for an infinite loop in processing ESP, IPv6 packets. 2007-09-12 05:54:53 +00:00
netipx Make tcpstates[] static, and make sure TCPSTATES is defined before 2007-07-30 11:06:42 +00:00
netnatm
netncp Commit 14/14 of sched_lock decomposition. 2007-06-05 00:00:57 +00:00
netsmb Rename the kthread_xxx (e.g. kthread_create()) calls 2007-10-20 23:23:23 +00:00
nfs
nfs4client Rename the kthread_xxx (e.g. kthread_create()) calls 2007-10-20 23:23:23 +00:00
nfsclient Rename the kthread_xxx (e.g. kthread_create()) calls 2007-10-20 23:23:23 +00:00
nfsserver Rename mac_associate_nfsd_label() to mac_proc_associate_nfsd(), and move 2007-10-25 12:34:14 +00:00
opencrypto Rename the kthread_xxx (e.g. kthread_create()) calls 2007-10-20 23:23:23 +00:00
pc98 Spelling fix for interupt -> interrupt 2007-10-12 06:03:46 +00:00
pccard
pci Oops, convert a tsleep() to a msleep() that was missed when adding locking 2007-10-15 16:18:20 +00:00
powerpc Cut over to ULE on PowerPC 2007-10-23 00:52:25 +00:00
rpc Remove the now-unused NET_{LOCK,UNLOCK,ASSERT}_GIANT() macros, which 2007-08-06 14:26:03 +00:00
security Implement AUE_CORE, which adds process core dump support into the kernel. 2007-10-26 01:23:07 +00:00
sparc64 - Fix the handling of R_SPARC_OLO10, which is a bit of a special case 2007-10-16 19:17:48 +00:00
sun4v Rename the kthread_xxx (e.g. kthread_create()) calls 2007-10-20 23:23:23 +00:00
sys Change a tab back to a space between #define and __FreeBSD_version. 2007-10-25 17:39:19 +00:00
tools
ufs Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
vm Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
Makefile Complete repo-copy and move of Coda from src/sys/coda to src/sys/fs/coda 2007-07-12 21:04:58 +00:00