d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Audit the arguments (user/group IDs) for the system calls that set these IDs.

Browse Source 
Obtained from: TrustedBSD Project
Approved by: rwatson (mentor)
This commit is contained in:
wsalamon 2006-02-06 00:32:33 +00:00
parent c41a486364
commit d0c0ad5594
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
sys/kern/kern_prot.c
View File

@ -65,6 +65,8 @@ __FBSDID("$FreeBSD$");
#include <sys/socketvar.h>
#include <sys/sysctl.h>
#include <security/audit/audit.h>
static MALLOC_DEFINE(M_CRED, "cred", "credentials");
SYSCTL_DECL(_security);
@ -496,6 +498,7 @@ setuid(struct thread *td, struct setuid_args *uap)
int error;
uid = uap->uid;
AUDIT_ARG(uid, uid);
newcred = crget();
uip = uifind(uid);
PROC_LOCK(p);
@ -609,6 +612,7 @@ seteuid(struct thread *td, struct seteuid_args *uap)
int error;
euid = uap->euid;
AUDIT_ARG(euid, euid);
newcred = crget();
euip = uifind(euid);
PROC_LOCK(p);
@ -665,6 +669,7 @@ setgid(struct thread *td, struct setgid_args *uap)
int error;
gid = uap->gid;
AUDIT_ARG(gid, gid);
newcred = crget();
PROC_LOCK(p);
oldcred = p->p_ucred;
@ -765,6 +770,7 @@ setegid(struct thread *td, struct setegid_args *uap)
int error;
egid = uap->egid;
AUDIT_ARG(egid, egid);
newcred = crget();
PROC_LOCK(p);
oldcred = p->p_ucred;
@ -823,6 +829,7 @@ setgroups(struct thread *td, struct setgroups_args *uap)
crfree(tempcred);
return (error);
}
AUDIT_ARG(groupset, tempcred->cr_groups, ngrp);
newcred = crget();
PROC_LOCK(p);
oldcred = p->p_ucred;
@ -891,6 +898,8 @@ setreuid(register struct thread *td, struct setreuid_args *uap)
euid = uap->euid;
ruid = uap->ruid;
AUDIT_ARG(euid, euid);
AUDIT_ARG(ruid, ruid);
newcred = crget();
euip = uifind(euid);
ruip = uifind(ruid);
@ -959,6 +968,8 @@ setregid(register struct thread *td, struct setregid_args *uap)
egid = uap->egid;
rgid = uap->rgid;
AUDIT_ARG(egid, egid);
AUDIT_ARG(rgid, rgid);
newcred = crget();
PROC_LOCK(p);
oldcred = p->p_ucred;
@ -1029,6 +1040,9 @@ setresuid(register struct thread *td, struct setresuid_args *uap)
euid = uap->euid;
ruid = uap->ruid;
suid = uap->suid;
AUDIT_ARG(euid, euid);
AUDIT_ARG(ruid, ruid);
AUDIT_ARG(suid, suid);
newcred = crget();
euip = uifind(euid);
ruip = uifind(ruid);
@ -1109,6 +1123,9 @@ setresgid(register struct thread *td, struct setresgid_args *uap)
egid = uap->egid;
rgid = uap->rgid;
sgid = uap->sgid;
AUDIT_ARG(egid, egid);
AUDIT_ARG(rgid, rgid);
AUDIT_ARG(sgid, sgid);
newcred = crget();
PROC_LOCK(p);
oldcred = p->p_ucred;