Page Menu
Home
FreeBSD
Search
Configure Global Search
Log In
Files
F103318528
D34128.id102237.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Flag For Later
Award Token
Size
2 KB
Referenced Files
None
Subscribers
None
D34128.id102237.diff
View Options
Index: share/man/man4/filemon.4
===================================================================
--- share/man/man4/filemon.4
+++ share/man/man4/filemon.4
@@ -31,7 +31,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd June 15, 2019
+.Dd February 1, 2022
.Dt FILEMON 4
.Os
.Sh NAME
@@ -51,10 +51,10 @@
.Pp
.Nm
is not intended to be a security auditing tool.
-Many system calls are not tracked and binaries of foreign ABI will not be fully
-audited.
-It is intended for auditing of processes for the purpose of determining its
-dependencies in an efficient and easily parsable format.
+Many system calls are not tracked and binaries using a non-native ABI may not
+be fully audited.
+It is intended for auditing of processes for the purpose of determining their
+dependencies using an efficient and easily parsable format.
An example of this is
.Xr make 1
which uses this module with
@@ -145,6 +145,11 @@
The
.Nm
handle is already associated with a file descriptor.
+.It Bq Er EINVAL
+The file descriptor has an invalid type and cannot be used for
+tracing.
+.It Bq Er EBADF
+The file descriptor is invalid or not opened for writing.
.El
.Pp
The
Index: sys/dev/filemon/filemon.c
===================================================================
--- sys/dev/filemon/filemon.c
+++ sys/dev/filemon/filemon.c
@@ -359,9 +359,10 @@
filemon_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag __unused,
struct thread *td)
{
- int error = 0;
struct filemon *filemon;
+ struct file *fp;
struct proc *p;
+ int error;
if ((error = devfs_get_cdevpriv((void **) &filemon)) != 0)
return (error);
@@ -376,12 +377,21 @@
break;
}
- error = fget_write(td, *(int *)data,
- &cap_pwrite_rights,
- &filemon->fp);
- if (error == 0)
+ error = fget_write(td, *(int *)data, &cap_pwrite_rights, &fp);
+ if (error == 0) {
+ /*
+ * The filemon handle may be passed to another process,
+ * so the underlying file handle must support this.
+ */
+ if ((fp->f_ops->fo_flags & DFLAG_PASSABLE) == 0) {
+ fdrop(fp, curthread);
+ error = EINVAL;
+ break;
+ }
+ filemon->fp = fp;
/* Write the file header. */
filemon_write_header(filemon);
+ }
break;
/* Set the monitored process ID. */
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Sun, Nov 24, 11:58 AM (4 h, 18 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
14821447
Default Alt Text
D34128.id102237.diff (2 KB)
Attached To
Mode
D34128: filemon: Reject FILEMON_SET_FD commands when the fd is a kqueue
Attached
Detach File
Event Timeline
Log In to Comment