Commit Graph

122255 Commits

Author SHA1 Message Date
rwatson
a3306012b7 Assign audit event identifiers to ibcs2 system calls.
Obtained from:	TrustedBSD Project
2006-02-06 22:14:50 +00:00
jhb
ae432f93f2 - Always call exec_free_args() in kern_execve() instead of doing it in all
the callers if the exec either succeeds or fails early.
- Move the code to call exit1() if the exec fails after the vmspace is
  gone to the bottom of kern_execve() to cut down on some code duplication.
2006-02-06 22:06:54 +00:00
jhb
1f0c541bd1 Add a kern_eaccess() function and use it to implement xenix_eaccess()
rather than kern_access().

Suggested by:	rwatson
2006-02-06 22:00:53 +00:00
jhb
db29bc1e15 - Move the wakeup() for exiting kthreads out of exit1() and into
kthread_exit() as that is cleaner and less obscured.  It also does the
  wakeup sooner.
- Add some comments to kthread_exit().
2006-02-06 21:56:13 +00:00
jhb
2eb77c6d18 We don't need the proc lock to check P_KTHREAD on curthread since it is
only set before the kthread starts executing and is never cleared.
2006-02-06 21:54:47 +00:00
rwatson
652ce929ec Clarify and expand on some of the points about audit pipe devices.
Discussed with:	remko
2006-02-06 20:27:00 +00:00
mjacob
28413db329 Update man page for some booting and settings stuff.
Remove a bunch of cards from vendors who are long since defunct.
Add a note about 2322 support.

Obtained from:	Marcus
2006-02-06 19:28:46 +00:00
brueffer
0bced5b0ec Add a missing word and use the .Qq macro for quotes. 2006-02-06 19:28:02 +00:00
jcamou
d3a1c26f55 Correct RFC for NTP.
PR:		docs/92629
Submitted by:	Daniel Gerzo <danger@rulez.sk>
Noticed by:	Michal F. Hanula <f@7f000001.org>
Approved by:	trhodes (mentor)
2006-02-06 19:22:34 +00:00
sos
ec5cff93e4 Unbreak DMA dumo on Intel 31224. 2006-02-06 19:17:48 +00:00
rwatson
99154347cd Add information on audit pipe special devices, which allow user processes
to "tee" the BSM record stream for the purposes of live monitoring,
intrusion detection, etc.  Support for audit pipes will be committed in
the near future.

Obtained from:	TrustedBSD Project
2006-02-06 18:41:00 +00:00
cognet
0ac58cd215 Use memory clobbers, to be on the safe side.
Suggested by:	jhb
2006-02-06 18:29:05 +00:00
cognet
41e16a89f7 rwlock expects the struct thread to be aligned on 8 bytes, so make sure
thread0 is.
2006-02-06 16:03:10 +00:00
ru
db2b824041 Two fixes:
- Run send queue down to completion, not just one packet.
  It has been observed to cause a stall queue otherwise.

- Prevent queueing multiple function calls to a node.

MFC after:	3 days
2006-02-06 14:30:21 +00:00
davidxu
f9048c6816 Always clear thread info buffer to zero. 2006-02-06 11:54:19 +00:00
jeff
4c912bf42a - Add a ref count to the mount structure. Sleep for up to 3 seconds in
vfs_mount_destroy waiting for this ref to hit 0.  We don't print an
   error if we are rebooting as the root mount always retains some refernces
   by init proc.
 - Acquire a mnt ref for every vnode allocated to a mount point.  Drop this
   ref only once vdestroy() has been called and the mount has been freed.
 - No longer NULL the v_mount pointer in delmntque() so that we may release
   the ref after vgone() has been called.  This allows us to guarantee
   that the mount point structure will be valid until the last vnode has
   lost its last ref.
 - Fix a few places that rely on checking v_mount to detect recycling.

Sponsored by:	Isilon Systems, Inc.
MFC After:	1 week
2006-02-06 10:19:50 +00:00
jeff
05c6b40c0d - Don't check v_mount for NULL to determine if a vnode has been recycled.
Use the more appropriate VI_DOOMED flag instead.

Sponsored by:	Isilon Systems, Inc.
MFC After:	1 week
2006-02-06 10:15:27 +00:00
jeff
547663461e - Fix silly VI locking that is used to check a single flag. The vnode
lock also protects this flag so it is not necessary.
 - Don't rely on v_mount to detect whether or not we've been recycled, use
   the more appropriate VI_DOOMED instead.

Sponsored by:	Isilon Systems, Inc.
MFC After:	1 week
2006-02-06 10:14:12 +00:00
jeff
2f3a978b92 - Add the global 'rebooting' variable that is used to detect when
boot() has been called.

Sponsored by:	Isilon Systems, Inc.
MFC After:	1 week
2006-02-06 10:12:00 +00:00
jeff
eeadb385e2 - Remove ifdef disabled code that doesn't have a chance of working anymore. 2006-02-06 10:10:42 +00:00
davidxu
c6ce9ab57e Add members pl_sigmask and pl_siglist into ptrace_lwpinfo to get lwp's
signal mask and pending signals.
2006-02-06 09:41:56 +00:00
delphij
fd420369b1 Attempt to fix DHCP address acquisition which was broken by rev. 1.133.
MFC After:	3 days
2006-02-06 06:49:57 +00:00
davidxu
0fdc8d7b72 1. Eliminate compile warnings.
2. Add command 'thread signal' to print out current thread's signal mask
   and pending signals.
2006-02-06 06:07:56 +00:00
rwatson
efc29c5782 Regenerate. 2006-02-06 02:00:32 +00:00
rwatson
350865b755 Prefer AUE_FOO audit identifiers to AUE_O_FOO, which are largely left
over from the Darwin implementation.

When we implement a system call as a wrapper to sysctl(), audit it as
AUE_SYSCTL.  This leads to greater compatibility with Solaris audit
trails as sysctl() argument tokens are not the same as the ones for
the originaly system calls (i.e., setdomainname()).

Replace references to AUE_ events that are equivilent to AUE_NULL with
AUE_NULL.  In the case of process signal configuration, this is
because these events do not require auditing.

Move from the Darwin spelling of getsockopt() to the FreeBSD/Solaris
one.

Audit nmount().

Obtained from:	TrustedBSD Project
2006-02-06 02:00:06 +00:00
rwatson
e145abd47f When exiting a thread, submit any pending record. Today, we don't
audit thread exit, but should that happen, this will prevent
unhappiness, as the thread exit system call will never return, and
hence not commit the record.

Pointed out by/with:	cognet
Obtained from:		TrustedBSD Project
2006-02-06 01:51:08 +00:00
rwatson
3a79f09166 Regenerate. 2006-02-06 01:40:48 +00:00
rwatson
59732048da Assign audit event identifiers to Linux i386 system calls.
Obtained from:	TrustedBSD Project
2006-02-06 01:40:30 +00:00
rwatson
93878c0233 Regenerate. 2006-02-06 01:16:00 +00:00
rwatson
f1624d0925 Reflect fix in Linux setfsgid() event name from OpenBSM in the alpha
linux system call table.

Obtained from:	TrustedBSD Project
2006-02-06 01:13:47 +00:00
rwatson
3011a662a5 Merge OpenBSM 1.0 alpha 3 include file changes from contrib/openbsm/bsm
to sys/bsm:

- Correct error in definition of audit event for Linux setfsgid().
- Add audit event identifier for sysarch().

Obtained from:	TrustedBSD Project
2006-02-06 01:12:46 +00:00
wsalamon
d0c0ad5594 Audit the arguments (user/group IDs) for the system calls that set these IDs.
Obtained from: TrustedBSD Project
Approved by: rwatson (mentor)
2006-02-06 00:32:33 +00:00
wsalamon
c41a486364 Audit the args to rfork(), and the child PID for all fork system calls.
Obtained from: TrustedBSD Project
Approved by: rwatson (mentor)
2006-02-06 00:28:50 +00:00
wsalamon
88c7ad2392 Audit the pid being requested in wait4().
Obtained from: TrustedBSD Project
Approved by: rwatson (mentor)
2006-02-06 00:19:09 +00:00
ceri
961deee05e Another update for reality: "dangerously dedicated" mode is now
achieved by hitting 'F', which is no longer undocumented.

PR:		bin/92533
Submitted by:	Rudolf Cejka <cejkar at fit.vutbr dot cz>
2006-02-06 00:06:39 +00:00
rwatson
4fae3f6a4a Vendor branch import of OpenBSM 1.0 alpha 3:
- Man page formatting, cross reference, mlinks, and accuracy improvements.
- auditd and tools now compile and run on FreeBSD/arm.
- auditd will now fchown() the trail file to the audit review group, if
  defined at compile-time.
- Added AUE_SYSARCH for FreeBSD.
- Definition of AUE_SETFSGID fixed for Linux.

Many thanks to:	brueffer, cognet
Obtained from:	TrustedBSD Project
2006-02-06 00:06:04 +00:00
rwatson
6d05b5ade5 This commit was generated by cvs2svn to compensate for changes in r155364,
which included commits to RCS files with non-trunk default branches.
2006-02-06 00:06:04 +00:00
rwatson
57234d7f8c Correct typo in sample CVS import line: must specify full path to the
CVS repository on repoman.
2006-02-06 00:03:39 +00:00
wsalamon
645740538d Add auditing of arguments to the close() and fstat() system calls. Much more
argument auditing yet to come, for remaining system calls in this file.

Obtained from: TrustedBSD Project
Approved by: rwatson (mentor)
2006-02-05 23:57:32 +00:00
rwatson
e04cb6becd Regenerate. 2006-02-05 23:28:46 +00:00
rwatson
a31938806b Assign audit event identfiers to Xenix system calls. Note: AUE_EACCESS
is assigned to xenix_eaccess() instead of AUE_ACCESS, as that is the
intended meaning of the system call.  xenix_eaccess() should be
reimplemented using our native eaccess() implementation so that it
works as intended.

Obtained from:	TrustedBSD Project
2006-02-05 23:28:01 +00:00
rwatson
7b3f1796f8 Correct help line: list targets, not names of files generated by targets
when no argument is provided to make.

MFC after:	1 week
2006-02-05 23:25:19 +00:00
rwatson
5570c55a29 Regenerate (accidentally also committed in commit that updated
syscalls.isc).
2006-02-05 23:16:20 +00:00
rwatson
ee99b2f3a5 Assign audit event identifiers to ibcs2 ISC system calls.
Obtained from:	TrustedBSD Project
2006-02-05 23:15:22 +00:00
mlaier
1bebb42407 pflog is a separate module now.
Submitted by:	Antoine Brodin
PR:		kern/88271
MFC after:	1 week
2006-02-05 22:38:08 +00:00
cognet
2d37c104ef Backout rev 1.12. It would have been a good thing, if gcc was smart enough
not to generate bad code.
2006-02-05 22:06:12 +00:00
rwatson
4cd971d35d On process exit, audit the return value of the process, and commit the
record immediately, as this system call never returns.

Obtained from:	TrustedBSD Project
2006-02-05 21:08:25 +00:00
rwatson
8b356bb2d7 When GC'ing a thread, assert that it has no active audit record.
This should not happen, but with this assert, brueffer and I would
not have spent 45 minutes trying to figure out why he wasn't
seeing audit records with the audit version in CVS.

Obtained from:	TrustedBSD Project
2006-02-05 21:06:09 +00:00
bmah
29de4be4fa Add some new release notes for 2006 security advisories:
SA-06:{01,02,03,04,05,06,07}.

(SA-06:08 does not appear to apply to CURRENT.)

Bump copyright date while here.
2006-02-05 20:54:53 +00:00
rwatson
a6de13a9ec Assign gid 77 to audit instead of gid 73. The ports group list did not
include '73', which was assigned in a ports passwd entry to ircservices.

Pointed out by:	ceri
2006-02-05 19:34:09 +00:00