freebsd-dev/sys/kern
Christian S.J. Peron 57274c513c Implement AUE_CORE, which adds process core dump support into the kernel.
This change introduces audit_proc_coredump() which is called by coredump(9)
to create an audit record for the coredump event.  When a process
dumps a core, it could be security relevant.  It could be an indicator that
a stack within the process has been overflowed with an incorrectly constructed
malicious payload or a number of other events.

The record that is generated looks like this:

header,111,10,process dumped core,0,Thu Oct 25 19:36:29 2007, + 179 msec
argument,0,0xb,signal
path,/usr/home/csjp/test.core
subject,csjp,csjp,staff,csjp,staff,1101,1095,50457,10.37.129.2
return,success,1
trailer,111

- We allocate a completely new record to make sure we arent clobbering
  the audit data associated with the syscall that produced the core
  (assuming the core is being generated in response to SIGABRT  and not
  an invalid memory access).
- Shuffle around expand_name() so we can use the coredump name at the very
  beginning of the coredump call.  Make sure we free the storage referenced
  by "name" if we need to bail out early.
- Audit both successful and failed coredump creation efforts

Obtained from:	TrustedBSD Project
Reviewed by:	rwatson
MFC after:	1 month
2007-10-26 01:23:07 +00:00
..
bus_if.m o break newbus api: add a new argument of type driver_filter_t to 2007-02-23 12:19:07 +00:00
clock_if.m
cpufreq_if.m
device_if.m
genassym.sh
imgact_aout.c Correct two vm object reference leaks in error cases. 2006-03-16 08:51:59 +00:00
imgact_elf32.c
imgact_elf64.c
imgact_elf.c Rework the support for ABIs to override resource limits (used by 32-bit 2007-05-14 22:40:04 +00:00
imgact_gzip.c Maintain the lock on the vnode for most of exec_elfN_imgact(). 2005-12-24 04:57:50 +00:00
imgact_shell.c
inflate.c
init_main.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
init_sysent.c Regenerate. 2007-08-16 05:32:26 +00:00
kern_acct.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
kern_alq.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
kern_clock.c - Move all of the PS_ flags into either p_flag or td_flags. 2007-09-17 05:31:39 +00:00
kern_condvar.c Commit 2/14 of sched_lock decomposition. 2007-06-04 23:50:56 +00:00
kern_conf.c Revert destroy_dev() to the state before destroy_dev_sched() was introduced. 2007-07-05 13:04:59 +00:00
kern_context.c Further system call comment cleanup: 2007-03-05 13:10:58 +00:00
kern_cpu.c Always call sched_bind(), even if on the CPU in question. It is wrong to 2007-08-20 06:28:26 +00:00
kern_descrip.c Remove the now-unused NET_{LOCK,UNLOCK,ASSERT}_GIANT() macros, which 2007-08-06 14:26:03 +00:00
kern_environment.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
kern_event.c Revert previous commits which I committed by mistake. 2007-07-14 21:23:31 +00:00
kern_exec.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
kern_exit.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
kern_fork.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
kern_idle.c Rename the kthread_xxx (e.g. kthread_create()) calls 2007-10-20 23:23:23 +00:00
kern_intr.c Rename the kthread_xxx (e.g. kthread_create()) calls 2007-10-20 23:23:23 +00:00
kern_jail.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
kern_kse.c - Move all of the PS_ flags into either p_flag or td_flags. 2007-09-17 05:31:39 +00:00
kern_kthread.c Rename the kthread_xxx (e.g. kthread_create()) calls 2007-10-20 23:23:23 +00:00
kern_ktr.c Remove slightly oddly placed suser() call from the KTR/ALQ setup sysctl: 2006-09-09 16:09:01 +00:00
kern_ktrace.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
kern_linker.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
kern_lock.c Move lock_profile_object_{init,destroy}() into lock_{init,destroy}(). 2007-05-18 15:04:59 +00:00
kern_lockf.c Do not call free() while holding vnode interlock. 2007-08-07 09:04:50 +00:00
kern_malloc.c Use vm_offset_t for kmembase and kmemlimit rather than char *, avoiding 2007-06-27 13:39:38 +00:00
kern_mbuf.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
kern_mib.c Revert VMCNT_* operations introduction. 2007-05-31 22:52:15 +00:00
kern_module.c Remove 'MPSAFE' annotations from the comments above most system calls: all 2007-03-04 22:36:48 +00:00
kern_mtxpool.c Universally adopt most conventional spelling of acquire. 2007-05-27 20:50:23 +00:00
kern_mutex.c - Remove the global definition of sched_lock in mutex.h to break 2007-07-18 20:46:06 +00:00
kern_ntptime.c Only require privilege to set the current time adjustment, not in order to 2007-06-14 18:37:58 +00:00
kern_physio.c
kern_pmc.c
kern_poll.c Remove the now-unused NET_{LOCK,UNLOCK,ASSERT}_GIANT() macros, which 2007-08-06 14:26:03 +00:00
kern_priv.c Continue kernel privilege cleanup for 7.0: unstaticize suser_enabled and 2007-07-02 14:03:29 +00:00
kern_proc.c - Redefine p_swtime and td_slptime as p_swtick and td_slptick. This 2007-09-21 04:10:23 +00:00
kern_prot.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
kern_resource.c - Use ruxagg() in calcru() to make sure we have current tick information 2007-07-17 01:08:09 +00:00
kern_rwlock.c Fix some problems with lock profiling in rw locks: 2007-07-20 08:43:42 +00:00
kern_sema.c
kern_shutdown.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
kern_sig.c Implement AUE_CORE, which adds process core dump support into the kernel. 2007-10-26 01:23:07 +00:00
kern_subr.c Commit 14/14 of sched_lock decomposition. 2007-06-05 00:00:57 +00:00
kern_switch.c - Fix ULE in kernels without PREEMPTION compiled in by always enabling the 2007-10-08 23:37:28 +00:00
kern_sx.c Fix sx_try_slock(), so it only fails when there is an exclusive owner. 2007-10-02 14:48:48 +00:00
kern_synch.c - Restore historical yield() behavior by manually lowering priority and 2007-10-08 23:40:40 +00:00
kern_syscalls.c Make system call modules a bit more robust: 2006-08-01 16:32:20 +00:00
kern_sysctl.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
kern_tc.c Despite several examples in the kernel, the third argument of 2007-06-04 18:25:08 +00:00
kern_thr.c Add thr_kill2 syscall which sends a signal to a thread in another process. 2007-08-16 05:26:42 +00:00
kern_thread.c - Call sched_sleep() before we suspend threads. sched_wakeup() is already 2007-09-21 04:04:22 +00:00
kern_time.c rufetch and calcru sometimes should be called atomically together. 2007-06-09 21:48:44 +00:00
kern_timeout.c Remove the definition and implementation of 'CALLOUT_NETGIANT', a now- (and 2007-09-15 12:33:24 +00:00
kern_umtx.c Backout experimental adaptive-spin umtx code. 2007-06-06 07:35:08 +00:00
kern_uuid.c Correct typo. 2007-04-23 12:53:00 +00:00
kern_xxx.c Further system call comment cleanup: 2007-03-05 13:10:58 +00:00
ksched.c Commit 14/14 of sched_lock decomposition. 2007-06-05 00:00:57 +00:00
link_elf_obj.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
link_elf.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
linker_if.m
Make.tags.inc Remove netkey directory from cscope/TAGs generation and replace 2007-07-05 08:55:14 +00:00
Makefile - Remove UMAP filesystem. It was disconnected from build three years ago, 2007-06-25 05:06:57 +00:00
makesyscalls.sh Add support for COMPAT6 syscalls. 2007-07-04 22:38:28 +00:00
md4c.c
md5c.c Fix a panic on sparc64 related to inproper aligment - we cannot assume, 2006-03-30 18:45:50 +00:00
p1003_1b.c - Restore historical sched_yield() behavior by changing sched_relinquish() 2007-10-08 23:45:24 +00:00
posix4_mib.c Fix mispatch of includes list; allows my kernel to build successfully. 2006-11-12 03:34:03 +00:00
sched_4bsd.c - Restore historical sched_yield() behavior by changing sched_relinquish() 2007-10-08 23:45:24 +00:00
sched_ule.c Cut over to ULE on PowerPC 2007-10-23 00:52:25 +00:00
serdev_if.m MFp4: Add the ipend() method to the serdev I/F to allow umbrella 2006-04-23 22:12:39 +00:00
subr_acl_posix1e.c Eliminate now-unused SUSER_ALLOWJAIL arguments to priv_check_cred(); in 2007-06-12 00:12:01 +00:00
subr_autoconf.c Add a mutex to protect the list of interrupt config hooks. We do assume 2006-07-19 18:53:56 +00:00
subr_blist.c
subr_bus.c First in a series of changes to remove the now-unused Giant compatibility 2007-07-27 11:59:57 +00:00
subr_clist.c
subr_clock.c If clock_ct_to_ts fails to convert time time from the real time clock, 2007-07-23 09:42:32 +00:00
subr_devstat.c
subr_disk.c Add a new I/O request - BIO_FLUSH, which basically tells providers below to 2006-10-31 21:11:21 +00:00
subr_eventhandler.c
subr_fattime.c Better naming of fattime conversion functions, they do convert to timespec 2006-10-24 10:27:23 +00:00
subr_firmware.c Cleanup and document the implementation of firmware(9) based on 2007-02-15 17:21:31 +00:00
subr_hints.c Use a sleep mutex instead of an sx lock for the kernel environment. This 2006-07-09 21:42:58 +00:00
subr_kdb.c - Move all of the PS_ flags into either p_flag or td_flags. 2007-09-17 05:31:39 +00:00
subr_kobj.c Increment kobj_lookup_misses on a miss rather than decrementing it. 2005-12-29 18:00:42 +00:00
subr_lock.c Currently the LO_NOPROFILE flag (which is masked on upper level code by 2007-09-14 01:12:39 +00:00
subr_log.c
subr_mbpool.c Add parens around *free in *free++ in mbp_count() so that mbp_count() 2007-05-27 17:38:36 +00:00
subr_mchain.c
subr_module.c
subr_msgbuf.c
subr_param.c Export maxswzone, maxbcache, maxtsiz, dfldsiz, maxdsiz, dflssiz, maxssiz, 2007-10-16 10:40:53 +00:00
subr_pcpu.c
subr_power.c
subr_prf.c Instead of doing comparisons using the pcpu area to see if 2007-03-08 06:44:34 +00:00
subr_prof.c Commit 14/14 of sched_lock decomposition. 2007-06-05 00:00:57 +00:00
subr_rman.c Complete removal of restriction about overlaps to rman_manage_region: 2007-04-28 07:37:49 +00:00
subr_rtc.c Use utc_offset() where applicable, and hide the internals of it 2006-10-02 18:23:37 +00:00
subr_sbuf.c Make sbuf_copyin() return the number of bytes copied on success. 2005-12-23 11:49:53 +00:00
subr_scanf.c
subr_sleepqueue.c subr_sleepqueue.c presents a thread lock missing which leads to dangerous 2007-09-13 09:12:36 +00:00
subr_smp.c This is a follow-up, cleaning-up commit about recent changes involving 2007-09-11 22:54:09 +00:00
subr_stack.c Correct typos 2006-05-28 22:15:28 +00:00
subr_taskqueue.c Rename the kthread_xxx (e.g. kthread_create()) calls 2007-10-20 23:23:23 +00:00
subr_trap.c - Move all of the PS_ flags into either p_flag or td_flags. 2007-09-17 05:31:39 +00:00
subr_turnstile.c - Include opt_sched.h for SCHED_STATS. 2007-06-12 23:27:31 +00:00
subr_unit.c Since cdev mutex is after system map mutex in global lock order, free() 2007-07-04 06:56:58 +00:00
subr_witness.c Fix some entries in the locks static table of witness. 2007-09-20 20:38:43 +00:00
sys_generic.c Add freebsd6_ wrappers for mmap/lseek/pread/pwrite/truncate/ftruncate 2007-07-04 22:57:21 +00:00
sys_pipe.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
sys_process.c - Fix from pr kern/115469; Don't redeliver a signal once it has been 2007-10-09 00:03:39 +00:00
sys_socket.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
syscalls.c Regenerate. 2007-08-16 05:32:26 +00:00
syscalls.master Put comments about syscalls by the correct ones, and use the correct syscall 2007-10-19 19:17:53 +00:00
systrace_args.c Regenerate. 2007-08-16 05:32:26 +00:00
sysv_ipc.c Eliminate now-unused SUSER_ALLOWJAIL arguments to priv_check_cred(); in 2007-06-12 00:12:01 +00:00
sysv_msg.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
sysv_sem.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
sysv_shm.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
tty_compat.c Move the old BSD4.3 tty compatibility from (!BURN_BRIDGES && COMPAT_43) 2006-01-10 09:19:10 +00:00
tty_conf.c
tty_cons.c Revert UF_OPENING workaround for CURRENT. 2007-05-31 11:51:53 +00:00
tty_pts.c Fix bad function type passed to destroy_dev_sched_cb(). 2007-07-05 05:54:47 +00:00
tty_pty.c Use make_dev_credf(MAKEDEV_REF) instead of make_dev() from pty clone handler. 2007-07-03 17:45:52 +00:00
tty_subr.c
tty_tty.c Lock Giant and proctree lock around dereferencing p_session->s_ttyvp->v_rdev. 2007-07-03 17:46:37 +00:00
tty.c ttyfree() frees the cdev(). But if there are pending kevents, 2007-07-20 09:41:54 +00:00
uipc_accf.c
uipc_cow.c
uipc_debug.c sblock() implements a sleep lock by interlocking SB_WANT and SB_LOCK flags 2007-05-03 14:42:42 +00:00
uipc_domain.c Remove the now-unused NET_{LOCK,UNLOCK,ASSERT}_GIANT() macros, which 2007-08-06 14:26:03 +00:00
uipc_mbuf2.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
uipc_mbuf.c This patch adds an M_NOFREE flag which allows one to mark an mbuf as 2007-10-06 21:42:39 +00:00
uipc_mqueue.c Eliminate now-unused SUSER_ALLOWJAIL arguments to priv_check_cred(); in 2007-06-12 00:12:01 +00:00
uipc_sem.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
uipc_sockbuf.c Set the NFS server sockbuf high watermarks to the system defaults 2007-10-12 03:56:27 +00:00
uipc_socket.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
uipc_syscalls.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
uipc_usrreq.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
vfs_acl.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
vfs_aio.c Rename the kthread_xxx (e.g. kthread_create()) calls 2007-10-20 23:23:23 +00:00
vfs_bio.c Rename the kthread_xxx (e.g. kthread_create()) calls 2007-10-20 23:23:23 +00:00
vfs_cache.c Fix some locking cases where we ask for exclusively locked vnode, but we get 2007-09-21 10:16:56 +00:00
vfs_cluster.c - Move rusage from being per-process in struct pstats to per-thread in 2007-06-01 01:12:45 +00:00
vfs_default.c Since renaming of vop_lock to _vop_lock, pre- and post-condition 2007-05-18 13:02:13 +00:00
vfs_export.c Move vnode-to-file-handle translation from vfs_vptofh to vop_vptofh method. 2007-02-15 22:08:35 +00:00
vfs_extattr.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
vfs_hash.c Make insmntque() externally visibile and allow it to fail (e.g. during 2007-03-13 01:50:27 +00:00
vfs_init.c Remove VFS_VPTOFH entirely. API is already broken and it is good time to 2007-02-16 17:32:41 +00:00
vfs_lookup.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
vfs_mount.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
vfs_subr.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
vfs_syscalls.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
vfs_vnops.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
vnode_if.src Revert UF_OPENING workaround for CURRENT. 2007-05-31 11:51:53 +00:00