diff options
| author | Brent Paulson <Brent.Paulson@Oracle.COM> | 2010-06-24 22:54:18 +0100 |
|---|---|---|
| committer | Brent Paulson <Brent.Paulson@Oracle.COM> | 2010-06-24 22:54:18 +0100 |
| commit | c4d3e299d9d0295322679b4d484560411b6822d5 (patch) | |
| tree | 59fb086579ad33b76a413cafcd1e0d005fead40d /usr/src | |
| parent | 13cc0a0b8d667c14344b4ff49cc47350cd9ef182 (diff) | |
| download | illumos-joyent-c4d3e299d9d0295322679b4d484560411b6822d5.tar.gz | |
6949768 fsattr(5) auditing can incorrectly record some open(2) paths as extended attribute paths
6951837 truss(1) doesn't format the output of openat(2) calls correctly in snv_135 and later
6951840 openat(2) doesn't ignore the fd argument when path argument is absolute
6952651 pathnames can be excluded from audit records for extended attribute syscalls in some scenarios
6958299 getattrat(3C) and setattrat(3C) generate audit records with duplicate pathnames
6959020 auditing of getattrat(3C) and setattrat(3C) doesn't handle absolute pathnames correctly
Diffstat (limited to 'usr/src')
| -rw-r--r-- | usr/src/cmd/truss/actions.c | 12 | ||||
| -rw-r--r-- | usr/src/uts/common/c2/audit.c | 24 | ||||
| -rw-r--r-- | usr/src/uts/common/c2/audit_event.c | 33 | ||||
| -rw-r--r-- | usr/src/uts/common/c2/audit_kernel.h | 1 | ||||
| -rw-r--r-- | usr/src/uts/common/fs/vnode.c | 4 | ||||
| -rw-r--r-- | usr/src/uts/common/syscall/access.c | 5 | ||||
| -rw-r--r-- | usr/src/uts/common/syscall/chown.c | 5 | ||||
| -rw-r--r-- | usr/src/uts/common/syscall/open.c | 60 | ||||
| -rw-r--r-- | usr/src/uts/common/syscall/stat.c | 7 | ||||
| -rw-r--r-- | usr/src/uts/common/syscall/unlink.c | 5 | ||||
| -rw-r--r-- | usr/src/uts/common/syscall/utime.c | 5 |
11 files changed, 90 insertions, 71 deletions
diff --git a/usr/src/cmd/truss/actions.c b/usr/src/cmd/truss/actions.c index 2dda60fb3e..52c75e5d3e 100644 --- a/usr/src/cmd/truss/actions.c +++ b/usr/src/cmd/truss/actions.c @@ -482,9 +482,11 @@ sysentry(private_t *pri, int dotrace) ((i == 0 && x == STG) || (i == 1 && (what == SYS_openat || what == SYS_openat64)))) { /* already fetched */ + if (argprinted) + outstring(pri, ", "); escape_string(pri, pri->sys_path); argprinted = TRUE; - } else if (x != HID || raw) { + } else if (x != NOV && (x != HID || raw)) { if (argprinted) outstring(pri, ", "); if (x == LLO) @@ -492,13 +494,7 @@ sysentry(private_t *pri, int dotrace) pri->sys_args[++i]); else (*Print[x])(pri, raw, arg); - /* - * if nothing printed, then don't print ", " - */ - if (x == NOV) - argprinted = FALSE; - else - argprinted = TRUE; + argprinted = TRUE; } } outstring(pri, ")"); diff --git a/usr/src/uts/common/c2/audit.c b/usr/src/uts/common/c2/audit.c index 1f1b204f9d..aa3fd4e1b9 100644 --- a/usr/src/uts/common/c2/audit.c +++ b/usr/src/uts/common/c2/audit.c @@ -1008,6 +1008,7 @@ audit_setfsat_path(int argnum) t_audit_data_t *tad; struct f_audit_data *fad; p_audit_data_t *pad; /* current process */ + uint_t fm; struct a { long arg1; long arg2; @@ -1042,6 +1043,10 @@ audit_setfsat_path(int argnum) case SYS_utimesys: fd = uap->arg2; break; + case SYS_open: + case SYS_open64: + fd = AT_FDCWD; + break; default: return; } @@ -1050,7 +1055,18 @@ audit_setfsat_path(int argnum) au_pathrele(tad->tad_atpath); tad->tad_atpath = NULL; } + if (fd != AT_FDCWD) { + tad->tad_ctrl |= TAD_ATCALL; + + if (tad->tad_scid == SYS_openat || + tad->tad_scid == SYS_openat64) { + fm = (uint_t)uap->arg3; + if (fm & (FXATTR | FXATTRDIROPEN)) { + tad->tad_ctrl |= TAD_ATTPATH; + } + } + if ((fp = getf(fd)) == NULL) { tad->tad_ctrl |= TAD_NOPATH; return; @@ -1066,6 +1082,14 @@ audit_setfsat_path(int argnum) tad->tad_atpath = fad->fad_aupath; releasef(fd); } else { + if (tad->tad_scid == SYS_open || + tad->tad_scid == SYS_open64) { + fm = (uint_t)uap->arg2; + if (fm & FXATTR) { + tad->tad_ctrl |= TAD_ATTPATH; + } + return; + } pad = P2A(curproc); mutex_enter(&pad->pad_lock); au_pathhold(pad->pad_cwd); diff --git a/usr/src/uts/common/c2/audit_event.c b/usr/src/uts/common/c2/audit_event.c index 68975f00aa..270fa59c96 100644 --- a/usr/src/uts/common/c2/audit_event.c +++ b/usr/src/uts/common/c2/audit_event.c @@ -287,7 +287,7 @@ aui_null, AUE_NULL, aus_null, /* 43 times */ aui_null, AUE_NULL, aus_null, /* 44 profil */ auf_null, 0, aui_null, AUE_ACCESS, aus_null, /* 45 faccessat */ - auf_null, S2E_PUB | S2E_ATC, + auf_null, S2E_PUB, aui_null, AUE_SETGID, aus_setgid, /* 46 setgid */ auf_null, 0, aui_null, AUE_NULL, aus_null, /* 47 getgid */ @@ -314,7 +314,7 @@ aui_null, AUE_IOCTL, aus_ioctl, /* 54 ioctl */ aui_null, AUE_NULL, aus_null, /* 55 uadmin */ auf_null, 0, aui_fchownat, AUE_NULL, aus_fchownat, /* 56 fchownat */ - auf_null, S2E_ATC, + auf_null, 0, aui_utssys, AUE_FUSERS, aus_null, /* 57 utssys */ auf_null, 0, aui_null, AUE_NULL, aus_null, /* 58 fsync */ @@ -330,17 +330,17 @@ aui_fcntl, AUE_FCNTL, aus_fcntl, /* 62 fcntl */ aui_null, AUE_NULL, aus_null, /* 63 ulimit */ auf_null, 0, aui_null, AUE_RENAME, aus_null, /* 64 renameat */ - auf_null, S2E_ATC, + auf_null, 0, aui_unlinkat, AUE_NULL, aus_null, /* 65 unlinkat */ - auf_null, S2E_ATC, + auf_null, 0, aui_fstatat, AUE_NULL, aus_null, /* 66 fstatat */ - auf_null, S2E_PUB | S2E_ATC, + auf_null, S2E_PUB, aui_fstatat, AUE_NULL, aus_null, /* 67 fstatat64 */ - auf_null, S2E_PUB | S2E_ATC, + auf_null, S2E_PUB, aui_openat, AUE_OPEN, aus_openat, /* 68 openat */ - auf_null, S2E_SP | S2E_ATC, + auf_null, S2E_SP, aui_openat, AUE_OPEN, aus_openat, /* 69 openat64 */ - auf_null, S2E_SP | S2E_ATC, + auf_null, S2E_SP, aui_null, AUE_NULL, aus_null, /* 70 tasksys */ auf_null, 0, aui_null, AUE_NULL, aus_null, /* 71 (loadable) acctctl */ @@ -427,7 +427,7 @@ aui_null, AUE_NULL, aus_null, /* 109 (loadable) */ auf_null, 0, #endif /* __x86 */ aui_null, AUE_UTIMES, aus_null, /* 110 utimesys */ - auf_null, S2E_ATC, + auf_null, 0, aui_null, AUE_NULL, aus_null, /* 111 sigresend */ auf_null, 0, aui_null, AUE_PRIOCNTLSYS, aus_priocntlsys, /* 112 priocntlsys */ @@ -1008,7 +1008,6 @@ open_event(uint_t fm) static au_event_t aui_open(au_event_t e) { - t_audit_data_t *tad = T2A(curthread); klwp_t *clwp = ttolwp(curthread); uint_t fm; @@ -1020,10 +1019,6 @@ aui_open(au_event_t e) fm = (uint_t)uap->fmode; - /* convert to appropriate au_ctrl */ - if (fm & (FXATTR | FXATTRDIROPEN)) - tad->tad_ctrl |= TAD_ATTPATH; - return (open_event(fm)); } @@ -1063,9 +1058,13 @@ aui_openat(au_event_t e) fm = (uint_t)uap->fmode; - /* convert to appropriate au_ctrl */ - if (fm & (FXATTR | FXATTRDIROPEN)) - tad->tad_ctrl |= TAD_ATTPATH; + /* + * __openattrdirat() does an extra pathname lookup in order to + * enter the extended system attribute namespace of the referenced + * extended attribute filename. + */ + if (fm & FXATTRDIROPEN) + tad->tad_ctrl |= TAD_MLD; return (open_event(fm)); } diff --git a/usr/src/uts/common/c2/audit_kernel.h b/usr/src/uts/common/c2/audit_kernel.h index 78355d8f3b..fe158b8b9a 100644 --- a/usr/src/uts/common/c2/audit_kernel.h +++ b/usr/src/uts/common/c2/audit_kernel.h @@ -83,7 +83,6 @@ extern "C" { #define S2E_MLD TAD_MLD /* only one lookup per system call */ #define S2E_NPT TAD_NOPATH /* force no path in audit record */ #define S2E_PUB TAD_PUBLIC_EV /* syscall is defined as a public op */ -#define S2E_ATC TAD_ATCALL /* syscall is one of the *at() family */ /* * At present, we are using the audit classes imbedded with in the kernel. Each diff --git a/usr/src/uts/common/fs/vnode.c b/usr/src/uts/common/fs/vnode.c index 8ba373ad19..4c5e1b3da3 100644 --- a/usr/src/uts/common/fs/vnode.c +++ b/usr/src/uts/common/fs/vnode.c @@ -1652,7 +1652,7 @@ top: * use the lib directory for the rename. */ - if (auditing) + if (auditing && (fdvp != NULL)) audit_setfsat_path(1); /* * Lookup to and from directories. @@ -1669,7 +1669,7 @@ top: goto out; } - if (auditing) + if (auditing && (tdvp != NULL)) audit_setfsat_path(3); if (error = lookuppnat(&tpn, NULL, NO_FOLLOW, &tovp, &targvp, tdvp)) { goto out; diff --git a/usr/src/uts/common/syscall/access.c b/usr/src/uts/common/syscall/access.c index 16b7ff7534..9e4f1aac84 100644 --- a/usr/src/uts/common/syscall/access.c +++ b/usr/src/uts/common/syscall/access.c @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2010 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1994, 2010, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */ @@ -152,7 +151,7 @@ faccessat(int fd, char *fname, int fmode, int flag) } } - if (AU_AUDITING()) + if (AU_AUDITING() && (dirvp != NULL)) audit_setfsat_path(1); /* Do not allow E_OK unless AT_EACCESS flag is set */ diff --git a/usr/src/uts/common/syscall/chown.c b/usr/src/uts/common/syscall/chown.c index a0a5821374..ccb0b584ee 100644 --- a/usr/src/uts/common/syscall/chown.c +++ b/usr/src/uts/common/syscall/chown.c @@ -20,8 +20,7 @@ */ /* - * Copyright 2010 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1994, 2010, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */ @@ -106,7 +105,7 @@ fchownat(int fd, char *name, uid_t uid, gid_t gid, int flags) } } - if (AU_AUDITING()) + if (AU_AUDITING() && (startvp != NULL)) audit_setfsat_path(1); /* diff --git a/usr/src/uts/common/syscall/open.c b/usr/src/uts/common/syscall/open.c index 695cda863c..154c1a6953 100644 --- a/usr/src/uts/common/syscall/open.c +++ b/usr/src/uts/common/syscall/open.c @@ -67,6 +67,7 @@ copen(int startfd, char *fname, int filemode, int createmode) uio_seg_t seg = UIO_USERSPACE; char *open_filename = fname; uint32_t auditing = AU_AUDITING(); + char startchar; if (startfd == AT_FDCWD) { /* @@ -77,8 +78,6 @@ copen(int startfd, char *fname, int filemode, int createmode) /* * We're here via openat() */ - char startchar; - if (copyin(fname, &startchar, sizeof (char))) return (set_errno(EFAULT)); @@ -97,19 +96,17 @@ copen(int startfd, char *fname, int filemode, int createmode) } /* - * Handle openattrdirat request + * Handle __openattrdirat() requests */ if (filemode & FXATTRDIROPEN) { - if (auditing) + if (auditing && (startvp != NULL)) audit_setfsat_path(1); if (error = lookupnameat(fname, seg, FOLLOW, NULLVPP, &vp, startvp)) return (set_errno(error)); - if (startvp) { + if (startvp != NULL) VN_RELE(startvp); - startvp = NULL; - } startvp = vp; } @@ -117,35 +114,46 @@ copen(int startfd, char *fname, int filemode, int createmode) /* * Do we need to go into extended attribute space? */ - if (filemode & (FXATTR|FXATTRDIROPEN)) { - vattr_t vattr; + if (filemode & FXATTR) { + if (startfd == AT_FDCWD) { + if (copyin(fname, &startchar, sizeof (char))) + return (set_errno(EFAULT)); + + /* + * If startchar == '/' then no extended attributes + * are looked up. + */ + if (startchar == '/') { + startvp = NULL; + } else { + mutex_enter(&p->p_lock); + startvp = PTOU(p)->u_cdir; + VN_HOLD(startvp); + mutex_exit(&p->p_lock); + } + } /* - * Make sure we have a valid request. - * We must either have a real fd or AT_FDCWD + * Make sure we have a valid extended attribute request. + * We must either have a real fd or AT_FDCWD and a relative + * pathname. */ - - if (startfd != AT_FDCWD && startvp == NULL) { - error = EINVAL; - goto out; + if (startvp == NULL) { + goto noxattr; } + } + + if (filemode & (FXATTR|FXATTRDIROPEN)) { + vattr_t vattr; if (error = pn_get(fname, UIO_USERSPACE, &pn)) { goto out; } - if (startfd == AT_FDCWD && !(filemode & FXATTRDIROPEN)) { - mutex_enter(&p->p_lock); - startvp = PTOU(p)->u_cdir; - VN_HOLD(startvp); - mutex_exit(&p->p_lock); - } - /* * In order to access hidden attribute directory the * user must be able to stat() the file */ - vattr.va_mask = AT_ALL; if (error = VOP_GETATTR(startvp, &vattr, 0, CRED(), NULL)) { pn_free(&pn); @@ -163,7 +171,7 @@ copen(int startfd, char *fname, int filemode, int createmode) } /* - * For openattrdirat use "." as filename to open + * For __openattrdirat() use "." as filename to open * as part of vn_openat() */ if (error == 0 && (filemode & FXATTRDIROPEN)) { @@ -179,18 +187,18 @@ copen(int startfd, char *fname, int filemode, int createmode) startvp = sdvp; } +noxattr: if ((filemode & (FREAD|FWRITE|FXATTRDIROPEN)) != 0) { if ((filemode & (FNONBLOCK|FNDELAY)) == (FNONBLOCK|FNDELAY)) filemode &= ~FNDELAY; error = falloc((vnode_t *)NULL, filemode, &fp, &fd); if (error == 0) { - if (auditing) + if (auditing && (startvp != NULL)) audit_setfsat_path(1); /* * Last arg is a don't-care term if * !(filemode & FCREAT). */ - error = vn_openat(open_filename, seg, filemode, (int)(createmode & MODEMASK), &vp, CRCREAT, PTOU(curproc)->u_cmask, diff --git a/usr/src/uts/common/syscall/stat.c b/usr/src/uts/common/syscall/stat.c index 90d191bd9e..d636b1c720 100644 --- a/usr/src/uts/common/syscall/stat.c +++ b/usr/src/uts/common/syscall/stat.c @@ -20,8 +20,7 @@ */ /* - * Copyright 2010 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1994, 2010, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */ @@ -103,7 +102,7 @@ cstatat_getvp(int fd, char *name, int follow, vnode_t **vp, cred_t **cred) } *cred = cr; - if (AU_AUDITING()) + if (AU_AUDITING() && (startvp != NULL)) audit_setfsat_path(1); lookup: @@ -144,8 +143,6 @@ static int cstat(vnode_t *vp, struct stat *, int, cred_t *); return (set_errno(EFAULT)); \ if ((fp = getf(fd)) == NULL) \ return (set_errno(EBADF)); \ - if (AU_AUDITING()) \ - audit_setfsat_path(1); \ error = statfn(fp->f_vnode, sb, 0, fp->f_cred); \ releasef(fd); \ if (error) \ diff --git a/usr/src/uts/common/syscall/unlink.c b/usr/src/uts/common/syscall/unlink.c index d8ba91ac9b..8ee0b9ff0d 100644 --- a/usr/src/uts/common/syscall/unlink.c +++ b/usr/src/uts/common/syscall/unlink.c @@ -20,8 +20,7 @@ */ /* - * Copyright 2010 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1994, 2010, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */ @@ -80,7 +79,7 @@ unlinkat(int fd, char *name, int flags) } } - if (AU_AUDITING()) + if (AU_AUDITING() && (dirvp != NULL)) audit_setfsat_path(1); error = vn_removeat(dirvp, name, diff --git a/usr/src/uts/common/syscall/utime.c b/usr/src/uts/common/syscall/utime.c index d0ccd869e3..19ce7bb972 100644 --- a/usr/src/uts/common/syscall/utime.c +++ b/usr/src/uts/common/syscall/utime.c @@ -20,8 +20,7 @@ */ /* - * Copyright 2010 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1994, 2010, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */ @@ -84,7 +83,7 @@ cfutimesat(int fd, char *fname, int nmflag, vattr_t *vap, int flags, int follow) } } - if (AU_AUDITING()) + if (AU_AUDITING() && (startvp != NULL)) audit_setfsat_path(1); if ((nmflag == 1) || ((nmflag == 2) && (fname != NULL))) { |