When generating the process token, need to check whether the

process was sucessfully audited. Otherwise, generate the PID token. This change covers the pid < 0 cases, and pid lookup failure cases. Submitted by: wsalamon Obtained from: TrustedBSD Project
2006-06-05 16:12:00 +00:00 · 2006-06-05 16:12:00 +00:00 · 5619113c96
commit 5619113c96
parent 31ee80d88a
2 changed files with 14 additions and 15 deletions
--- a/sys/security/audit/audit_arg.c
+++ b/sys/security/audit/audit_arg.c
@ -38,6 +38,7 @@
 #include <sys/socketvar.h>
 #include <sys/protosw.h>
 #include <sys/domain.h>
+#include <sys/sbuf.h>
 #include <sys/systm.h>
 #include <sys/un.h>
 #include <sys/vnode.h>
@ -370,8 +371,9 @@ audit_arg_process(struct proc *p)
 	ar->k_ar.ar_arg_rgid = p->p_ucred->cr_rgid;
 	ar->k_ar.ar_arg_asid = p->p_au->ai_asid;
 	ar->k_ar.ar_arg_termid = p->p_au->ai_termid;
+	ar->k_ar.ar_arg_pid = p->p_pid;
 	ARG_SET_VALID(ar, ARG_AUID | ARG_EUID | ARG_EGID | ARG_RUID |
-	    ARG_RGID | ARG_ASID | ARG_TERMID | ARG_PROCESS);
+	    ARG_RGID | ARG_ASID | ARG_TERMID | ARG_PID | ARG_PROCESS);
 }

 void
--- a/sys/security/audit/audit_bsm.c
+++ b/sys/security/audit/audit_bsm.c
@ -223,20 +223,17 @@ kau_free(struct au_record *rec)
 } while (0)

 #define PROCESS_PID_TOKENS(argn) do {					\
-	if (ARG_IS_VALID(kar, ARG_PID)) {				\
-		if ((ar->ar_arg_pid > 0) /* Kill a single process */	\
-		    && (ARG_IS_VALID(kar, ARG_PROCESS))) {		\
-			tok = au_to_process(ar->ar_arg_auid,		\
-			    ar->ar_arg_euid, ar->ar_arg_egid,		\
-			    ar->ar_arg_ruid, ar->ar_arg_rgid,		\
-			    ar->ar_arg_pid, ar->ar_arg_asid,		\
-			    &ar->ar_arg_termid);			\
-			kau_write(rec, tok);				\
-		} else {						\
-			tok = au_to_arg32(argn, "process",		\
-			    ar->ar_arg_pid);				\
-			kau_write(rec, tok);				\
-		}							\
+	if ((ar->ar_arg_pid > 0) /* Reference a single process */	\
+	    && (ARG_IS_VALID(kar, ARG_PROCESS))) {			\
+		tok = au_to_process(ar->ar_arg_auid,			\
+		    ar->ar_arg_euid, ar->ar_arg_egid,			\
+		    ar->ar_arg_ruid, ar->ar_arg_rgid,			\
+		    ar->ar_arg_pid, ar->ar_arg_asid,			\
+		    &ar->ar_arg_termid);				\
+		kau_write(rec, tok);					\
+	} else if (ARG_IS_VALID(kar, ARG_PID)) {			\
+		tok = au_to_arg32(argn, "process", ar->ar_arg_pid);	\
+		kau_write(rec, tok);					\
 	}								\
 } while (0)								\