
audit(4): Syscalls dealing with file access via file-handles
ClosedPublic

Authored by aniketp on Jun 14 2018, 4:54 AM.

Details

Summary

The following change introduces 3 system calls dealing with retrieving file information
with the help of file handles. The system calls are categorized as audit events
within the file-attribute-access audit class.

List of system calls:

  • fhopen(2)
  • fhstat(2)
  • fhstatfs(2)

Test Plan

Execute make && make install from test/sys/audit.
Execute kyua test from /usr/tests/sys/audit. All testcases should succeed.

Diff Detail

Repository
rS FreeBSD src repository - subversion

Event Timeline

asomers requested changes to this revision. Jun 14 2018, 1:30 PM
asomers added inline comments.
tests/sys/audit/file-attribute-access.c
389 ↗(On Diff #43743)

Do you have a test for getfh itself anywhere?

417 ↗(On Diff #43743)

This is a read from uninitialized memory, and isn't guaranteed to fail. Better would be to deliberately construct an invalid fhandle_t. However, I don't see any obvious way to do that. So a better test might be to call fhopen with a valid fhandle_t, but make it fail for some other reason. For example, the man page says it will fail if O_CREAT is set.

468 ↗(On Diff #43743)

Another read from uninitialized memory here.

519 ↗(On Diff #43743)

And here.

This revision now requires changes to proceed. Jun 14 2018, 1:30 PM
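The deterministic failure cases raised in the review above, as an added example that is not part of this revision or of the FreeBSD test suite: a valid handle opened with O_CREAT, and a NULL handle instead of an uninitialized one. The function name and the `FH_*` result codes are hypothetical; the code assumes FreeBSD and root privilege for getfh(2), and reports a skip anywhere else.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/param.h>
#include <sys/mount.h>
#endif

enum { FH_OK = 0, FH_SKIP = 1, FH_FAIL = 2 };	/* hypothetical result codes */

/*
 * Hypothetical helper: exercise fhopen(2) failure paths whose outcome does
 * not depend on whatever bytes sit in an uninitialized fhandle_t.
 */
int
fhopen_failure_modes(const char *path)
{
#ifdef __FreeBSD__
	fhandle_t fh;
	int fd;

	/* getfh(2) is privileged; without root the check cannot run. */
	if (getfh(path, &fh) == -1)
		return (errno == EPERM ? FH_SKIP : FH_FAIL);

	/* Case 1: valid handle, but O_CREAT is rejected with EINVAL. */
	errno = 0;
	if ((fd = fhopen(&fh, O_RDONLY | O_CREAT)) != -1) {
		close(fd);
		return (FH_FAIL);
	}
	if (errno != EINVAL)
		return (FH_FAIL);

	/* Case 2: NULL handle; there is nothing for the kernel to copy in. */
	if ((fd = fhopen(NULL, O_RDONLY)) != -1) {
		close(fd);
		return (FH_FAIL);
	}
	return (FH_OK);
#else
	(void)path;		/* fhopen(2) is not available on this platform */
	return (FH_SKIP);
#endif
}

int main(void) { printf("result=%d\n", fhopen_failure_modes("/")); return 0; }
```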
tests/sys/audit/file-attribute-access.c
389 ↗(On Diff #43743)

Yes @asomers, I have tested getfh(2), which is weirdly audited as nfs_getfh(2), and that too in the administrative audit class.
Here is the test for nfs_getfh(2): https://github.com/aniketp/AuditTestSuite/blob/master/audit/administrative.c#L157

Replace uninitialized buffers with NULL for the failure cases

You also need to update Makefile.

@asomers, I'm adding these tests on top of already existing tests in file-attribute-access. Why would updating the Makefile be necessary here?

> @asomers, I'm adding these tests on top of already existing tests in file-attribute-access. Why would updating the Makefile be necessary here?

Oh, I see the real problem now. Your last submission accidentally disabled these tests: https://reviews.freebsd.org/D15795#inline-96266.

This revision is now accepted and ready to land. Jun 14 2018, 3:02 PM
This revision was automatically updated to reflect the committed changes.