-rw-r--r-- | usr/src/cmd/bsmrecord/audit_record_attr.txt | 7 | ||||
-rw-r--r-- | usr/src/lib/libbsm/audit_event.txt | 3 | ||||
-rw-r--r-- | usr/src/uts/common/c2/audit_event.c | 143 | ||||
-rw-r--r-- | usr/src/uts/common/c2/audit_kevents.h | 4 |
4 files changed, 117 insertions, 40 deletions
diff --git a/usr/src/cmd/bsmrecord/audit_record_attr.txt b/usr/src/cmd/bsmrecord/audit_record_attr.txt index 389d1ae486..d3f2f1e5b7 100644 --- a/usr/src/cmd/bsmrecord/audit_record_attr.txt +++ b/usr/src/cmd/bsmrecord/audit_record_attr.txt @@ -1668,6 +1668,10 @@ label=AUE_SETHOSTNAME label=AUE_SETKERNSTATE skip=Not used. +label=AUE_SETPGID + format=[proc]:[arg]1 + comment=2, pgid, "pgid" + label=AUE_SETPGRP format=kernel @@ -1711,6 +1715,9 @@ label=AUE_SETRLIMIT # subject,tuser1,tuser1,staff,tuser1,staff,9707,497,0 0 tmach2 # return,success,0 +label=AUE_SETSID + format=kernel + label=AUE_SETSOCKOPT case=Invalid file descriptor format=arg1:arg2 diff --git a/usr/src/lib/libbsm/audit_event.txt b/usr/src/lib/libbsm/audit_event.txt index f4a1bb34f2..d2f54332a6 100644 --- a/usr/src/lib/libbsm/audit_event.txt +++ b/usr/src/lib/libbsm/audit_event.txt @@ -353,6 +353,9 @@ 305:AUE_PORTFS_ASSOCIATE:portfs(2) - file events source - PORT_ASSOCIATE:fa 306:AUE_PORTFS_DISSOCIATE:portfs(2) - file events source - PORT_DISSOCIATE:fa # +307:AUE_SETSID:setsid(2):pm +308:AUE_SETPGID:setpgid(2):pm +# # user level audit events # 2048 - 6143 Reserved # diff --git a/usr/src/uts/common/c2/audit_event.c b/usr/src/uts/common/c2/audit_event.c index 1fb1a00c86..7095aea760 100644 --- a/usr/src/uts/common/c2/audit_event.c +++ b/usr/src/uts/common/c2/audit_event.c @@ -100,6 +100,7 @@ static au_event_t aui_doorfs(au_event_t); static au_event_t aui_privsys(au_event_t); static au_event_t aui_forksys(au_event_t); static au_event_t aui_labelsys(au_event_t); +static au_event_t aui_setpgrp(au_event_t); static void aus_open(struct t_audit_data *); static void aus_acl(struct t_audit_data *); 
@@ -122,6 +123,7 @@ static void aus_semsys(struct t_audit_data *); static void aus_close(struct t_audit_data *); static void aus_fstatfs(struct t_audit_data *); static void aus_setgid(struct t_audit_data *); +static void aus_setpgrp(struct t_audit_data *); static void aus_setuid(struct t_audit_data *); static void aus_shmsys(struct t_audit_data *); static void aus_doorfs(struct t_audit_data *); @@ -273,7 +275,7 @@ aui_null, AUE_KILL, aus_kill, /* 37 kill */ auf_null, 0, aui_null, AUE_FSTATFS, aus_fstatfs, /* 38 fstatfs */ auf_null, S2E_PUB, -aui_null, AUE_SETPGRP, aus_null, /* 39 setpgrp */ +aui_setpgrp, AUE_SETPGRP, aus_setpgrp, /* 39 setpgrp */ auf_null, 0, aui_null, AUE_NULL, aus_null, /* 40 uucopystr */ auf_null, 0, 
@@ -1910,62 +1912,125 @@ aus_fstatfs(struct t_audit_data *tad) releasef(fd); } -#ifdef NOTYET -/*ARGSUSED*/ +static au_event_t +aui_setpgrp(au_event_t e) +{ + klwp_t *clwp = ttolwp(curthread); + int flag; + + struct a { + long flag; + long pid; + long pgid; + } *uap = (struct a *)clwp->lwp_ap; + + flag = (int)uap->flag; + + + switch (flag) { + + case 1: /* setpgrp() */ + e = AUE_SETPGRP; + break; + + case 3: /* setsid() */ + e = AUE_SETSID; + break; + + case 5: /* setpgid() */ + e = AUE_SETPGID; + break; + + case 0: /* getpgrp() - not security relevant */ + case 2: /* getsid() - not security relevant */ + case 4: /* getpgid() - not security relevant */ + e = AUE_NULL; + break; + + default: + e = AUE_NULL; + break; + } + + return (e); +} + static void aus_setpgrp(struct t_audit_data *tad) { - klwp_t *clwp = ttolwp(curthread); - uint32_t pgrp; - struct proc *p; - uid_t uid, ruid; - gid_t gid, rgid; - pid_t pid; - const auditinfo_addr_t *ainfo; - cred_t *cr; + klwp_t *clwp = ttolwp(curthread); + pid_t pgid; + struct proc *p; + uid_t uid, ruid; + gid_t gid, rgid; + pid_t pid; + cred_t *cr; + int flag; + const auditinfo_addr_t *ainfo; struct a { + long flag; long pid; - long pgrp; + long pgid; } *uap = (struct a *)clwp->lwp_ap; + flag = (int)uap->flag; pid = (pid_t)uap->pid; - pgrp = (uint32_t)uap->pgrp; + pgid = (pid_t)uap->pgid; + + + switch (flag) { + + case 0: /* getpgrp() */ + case 1: /* setpgrp() */ + case 2: /* getsid() */ + case 3: /* setsid() */ + case 4: /* getpgid() */ + break; + + case 5: /* setpgid() */ /* current process? 
*/ - if (pid == 0) - (return); + if (pid == 0) { + return; + } - mutex_enter(&pidlock); - p = prfind(pid); - if (p == NULL || p->p_as == &kas) { + mutex_enter(&pidlock); + p = prfind(pid); + if (p == NULL || p->p_as == &kas || + p->p_stat == SIDL || p->p_stat == SZOMB) { + mutex_exit(&pidlock); + return; + } + mutex_enter(&p->p_lock); /* so process doesn't go away */ mutex_exit(&pidlock); - return; - } - mutex_enter(&p->p_lock); /* so process doesn't go away */ - mutex_exit(&pidlock); - mutex_enter(&p->p_crlock); - crhold(cr = p->p_cred); - mutex_exit(&p->p_crlock); - mutex_exit(&p->p_lock); + mutex_enter(&p->p_crlock); + crhold(cr = p->p_cred); + mutex_exit(&p->p_crlock); + mutex_exit(&p->p_lock); + + ainfo = crgetauinfo(cr); + if (ainfo == NULL) { + crfree(cr); + return; + } - ainfo = crgetauinfo(cr); - if (ainfo == NULL) { + uid = crgetuid(cr); + gid = crgetgid(cr); + ruid = crgetruid(cr); + rgid = crgetrgid(cr); + au_uwrite(au_to_process(uid, gid, ruid, rgid, pid, + ainfo->ai_auid, ainfo->ai_asid, &ainfo->ai_termid)); crfree(cr); - return; - } + au_uwrite(au_to_arg32(2, "pgid", pgid)); + break; - uid = crgetuid(cr); - gid = crgetgid(cr); - ruid = crgetruid(cr); - rgid = crgetrgid(cr); - au_uwrite(au_to_process(uid, gid, ruid, rgid, pid, - ainfo->ai_auid, ainfo->ai_asid, &ainfo->ai_termid)); - crfree(cr); - au_uwrite(au_to_arg32(2, "pgrp", pgrp)); + default: + break; + } } -#endif + /*ARGSUSED*/ static void diff --git a/usr/src/uts/common/c2/audit_kevents.h b/usr/src/uts/common/c2/audit_kevents.h index 4ccfa0bf93..137b717cb3 100644 --- a/usr/src/uts/common/c2/audit_kevents.h +++ b/usr/src/uts/common/c2/audit_kevents.h 
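Review bot: In `aus_setpgrp`, the `case 5` path returns early when `pid == 0`, so a setpgid() call on the calling process yields an AUE_SETPGID record with no `pgid` argument token; the `prfind()` and `crgetauinfo()` failure returns skip it as well. The requested process group is the value an auditor needs from this event, so it should be written on every path; for the self case that means `au_uwrite(au_to_arg32(2, "pgid", pgid)); break;` in place of `return;`. If the omission is deliberate (the `format=[proc]:[arg]1` entry appears to mark the token optional), a comment on the early return should say so. Separately, the flag values 0–5 are bare literals repeated in both `aui_setpgrp` and `aus_setpgrp`, next to a second copy of `struct a`; shared named constants would keep the event selection and the record writer from drifting apart.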
@@ -340,12 +340,14 @@ extern "C" { #define AUE_LABELSYS_TNMLP 304 /* =as tnmlp(2) */ #define AUE_PORTFS_ASSOCIATE 305 /* =fa portfs(2) - port associate */ #define AUE_PORTFS_DISSOCIATE 306 /* =fa portfs(2) - port disassociate */ +#define AUE_SETSID 307 /* =pm setsid(2) */ +#define AUE_SETPGID 308 /* =pm setpgid(2) */ /* NOTE: update MAX_KEVENTS below if events are added. */ -#define MAX_KEVENTS 306 +#define MAX_KEVENTS 308 #ifdef __cplusplus |