
close_range(2): finalize audit bits
Needs Review, Public

Authored by kevans on Apr 24 2020, 2:06 AM.
Details

Reviewers
csjp
Summary

Included here:

  • audit_event addition (whoops, need to send this upstream)
  • AUDIT_ARG_FD(*) in sys_close_range
  • Plumb the fds out in kaudit_to_bsm

Tested by make -j4 buildkernel installkernel, manually installing audit_event, reboot, fire up auditd and execute a close_range.

Diff Detail

Repository: rS FreeBSD src repository - subversion
Lint: Lint Skipped
Unit: Tests Skipped
Build Status: Buildable 30778

Event Timeline

kevans edited the summary of this revision.

Stab #2, now we get:

root@viper:~/grep# praudit /var/audit/current | grep -A 5 'close_range(2)'
header,90,11,close_range(2),0,Tue Apr 28 16:25:31 2020, + 582 msec
argument,1,0x6,fd
argument,2,0xffffffff,fd
subject,-1,root,0,root,0,1308,0,0,0.0.0.0
return,success,0
trailer,90
--
header,90,11,close_range(2),0,Tue Apr 28 16:30:19 2020, + 115 msec
argument,1,0x5,fd
argument,2,0x9,fd
subject,kevans,root,0,root,0,1404,1308,64348,10.0.2.2
return,success,0
trailer,90

Which lines up with:

close_range(6, ~0UL, 0);   // AKA closefrom(6)
close_range(5, 9, 0);

The upper-end is now audited successfully.
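
Added example (not part of this review or the FreeBSD tree): a small Python parser for the praudit text quoted above that recovers each close_range(2) call's fd range and flags the open-ended, closefrom-style case. The subject-token field positions (audit ID second, pid seventh) are read off the sample records, and the function name close_range_events is made up for illustration.

```python
# Added example: parse praudit text records and recover close_range(2) fd ranges.
# SAMPLE is the praudit | grep output quoted in the comment above, copied as-is.
SAMPLE = """\
header,90,11,close_range(2),0,Tue Apr 28 16:25:31 2020, + 582 msec
argument,1,0x6,fd
argument,2,0xffffffff,fd
subject,-1,root,0,root,0,1308,0,0,0.0.0.0
return,success,0
trailer,90
--
header,90,11,close_range(2),0,Tue Apr 28 16:30:19 2020, + 115 msec
argument,1,0x5,fd
argument,2,0x9,fd
subject,kevans,root,0,root,0,1404,1308,64348,10.0.2.2
return,success,0
trailer,90
"""

UINT_MAX = 0xFFFFFFFF  # how the ~0UL upper bound shows up in the record above


def close_range_events(text):
    """Yield one dict per complete close_range(2) record in praudit output."""
    rec = None
    for line in text.splitlines():
        f = line.strip().split(",")
        if f[0] == "header":
            # Field 3 is the event name; records for other events are skipped.
            rec = {"args": {}} if len(f) > 3 and f[3] == "close_range(2)" else None
        elif rec is None:
            continue  # grep's "--" separators and foreign tokens land here
        elif f[0] == "argument" and len(f) >= 4 and f[3] == "fd":
            rec["args"][int(f[1])] = int(f[2], 16)
        elif f[0] == "subject" and len(f) >= 7:
            rec["auid"], rec["pid"] = f[1], int(f[6])
        elif f[0] == "return" and len(f) >= 3:
            rec["status"] = f[1]
        elif f[0] == "trailer":
            if {1, 2} <= rec["args"].keys():  # both bounds were audited
                low, high = rec["args"][1], rec["args"][2]
                yield {"low": low, "high": high, "open_ended": high == UINT_MAX,
                       "auid": rec.get("auid"), "pid": rec.get("pid"),
                       "status": rec.get("status")}
            rec = None


if __name__ == "__main__":
    for ev in close_range_events(SAMPLE):
        print(ev)
```

A record that carries only the lower bound is dropped rather than reported with a guessed upper end.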