More fully audit fexecve(2) and its arguments.

Obtained from:	TrustedBSD Project
Sponsored by:	Google, Inc.
rwatson 2008-08-25 13:50:01 +00:00
parent b9dfa1bea1
commit acf5da1d35
2 changed files with 9 additions and 0 deletions


@ -412,11 +412,13 @@ do_execve(td, args, mac_p)
binvp = ndp->ni_vp;
imgp->vp = binvp;
} else {
AUDIT_ARG(fd, args->fd);
error = fgetvp(td, args->fd, &binvp);
if (error)
goto exec_fail;
vfslocked = VFS_LOCK_GIANT(binvp->v_mount);
vn_lock(binvp, LK_EXCLUSIVE | LK_RETRY);
AUDIT_ARG(vnode, binvp, ARG_VNODE1);
imgp->vp = binvp;
}
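Review bot: The two audit calls in the fexecve branch depend on their position relative to the surrounding calls, and nothing in the code says so. `AUDIT_ARG(fd, args->fd)` sits before `fgetvp()`, so a bad descriptor is still recorded when the lookup fails and control goes to `exec_fail`. `AUDIT_ARG(vnode, binvp, ARG_VNODE1)` sits after `vn_lock()`, presumably because capturing the vnode's attributes needs the vnode locked. I would add a comment above the first call, for example `/* Audit the fd before lookup so failures still record it; the vnode audit below needs binvp locked. */`, so that a later reordering does not silently drop audit data. do_execve's body starts and ends outside the hunk, and which two lines are new is inferred from the line counts in the hunk header.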


@ -762,6 +762,13 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
EXTATTR_TOKENS;
break;
case AUE_FEXECVE:
if (ARG_IS_VALID(kar, ARG_FD)) {
tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
kau_write(rec, tok);
}
/* FALLTHROUGH */
case AUE_EXECVE:
if (ARG_IS_VALID(kar, ARG_ARGV)) {
tok = au_to_exec_args(ar->ar_arg_argv,