Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.


 710  * ROUTINE:     AUDIT_CLOSEF
 711  * PURPOSE:
 712  * CALLBY:      CLOSEF
 713  * NOTE:
 714  * release per file audit resources when file structure is being released.
 715  *
 716  * IMPORTANT NOTE: Since we generate an audit record here, we may sleep
 717  *      on the audit queue if it becomes full. This means
 718  *      audit_closef can not be called when f_count == 0. Since
 719  *      f_count == 0 indicates the file structure is free, another
 720  *      process could attempt to use the file while we were still
 721  *      asleep waiting on the audit queue. This would cause the
 722  *      per file audit data to be corrupted when we finally do
 723  *      wakeup.
 724  * TODO:
 725  * QUESTION:
 726  */
 727 
 728 void
 729 audit_closef(struct file *fp)
 730 {       /* AUDIT_CLOSEF */
 731         f_audit_data_t *fad;
 732         t_audit_data_t *tad;
 733         int success;
 734         au_state_t estate;
 735         struct vnode *vp;
 736         token_t *ad = NULL;
 737         struct vattr attr;
 738         au_emod_t evmod = 0;
 739         const auditinfo_addr_t *ainfo;
 740         cred_t *cr;
 741         au_kcontext_t   *kctx = GET_KCTX_PZ;
 742         uint32_t auditing;
 743         boolean_t audit_attr = B_FALSE;
 744 
 745         fad = F2A(fp);
 746         estate = kctx->auk_ets[AUE_CLOSE];
 747         tad = U2A(u);
 748         cr = CRED();
 749 
 750         /* audit record already generated by system call envelope */


1581          * In that case, assume the running kernel data model.
1582          */
1583         if ((curthread->t_lwp == NULL) || (lwp_getdatamodel(
1584             ttolwp(curthread)) == DATAMODEL_NATIVE))
1585                 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
1586         else
1587                 sy_flags = sysent32[scid].sy_flags & SE_RVAL_MASK;
1588 #else
1589                 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
1590 #endif
1591 
1592         if (sy_flags == SE_64RVAL)
1593                 au_write(ad, au_to_return64(err, rval));
1594         else
1595                 au_write(ad, au_to_return32(err, rval));
1596 
1597 }
1598 
1599 /*ARGSUSED*/
1600 void
1601 audit_fdsend(fd, fp, error)
1602         int fd;
1603         struct file *fp;
1604         int error;              /* ignore for now */
1605 {
1606         t_audit_data_t *tad;    /* current thread */
1607         f_audit_data_t *fad;    /* per file audit structure */
1608         struct vnode *vp;       /* for file attributes */
1609 
1610         /* is this system call being audited */
1611         tad = U2A(u);
1612         ASSERT(tad != (t_audit_data_t *)0);
1613         if (!tad->tad_flag)
1614                 return;
1615 
1616         fad = F2A(fp);
1617 
1618         /* add path and file attributes */
1619         if (fad != NULL && fad->fad_aupath != NULL) {
1620                 au_uwrite(au_to_arg32(0, "send fd", (uint32_t)fd));
1621                 au_uwrite(au_to_path(fad->fad_aupath));
1622         } else {
1623                 au_uwrite(au_to_arg32(0, "send fd", (uint32_t)fd));
1624 #ifdef _LP64


1656         /* Tell audit_success() and audit_finish() that we saw this case */
1657         if (!(tad->tad_evmod & sbit)) {
1658                 /* Clear set first time around */
1659                 priv_emptyset(target);
1660                 tad->tad_evmod |= sbit;
1661         }
1662 
1663         /* Save the privileges in the tad */
1664         if (priv == PRIV_ALL) {
1665                 priv_fillset(target);
1666         } else {
1667                 ASSERT(set != NULL || priv != PRIV_NONE);
1668                 if (set != NULL)
1669                         priv_union(set, target);
1670                 if (priv != PRIV_NONE)
1671                         priv_addset(target, priv);
1672         }
1673 }
1674 
1675 /*

































































1676  * Audit the setpriv() system call; the operation, the set name and
1677  * the current value as well as the set argument are put in the
1678  * audit trail.
1679  */
1680 void
1681 audit_setppriv(int op, int set, const priv_set_t *newpriv, const cred_t *ocr)
1682 {
1683         t_audit_data_t *tad;
1684         const priv_set_t *oldpriv;
1685         priv_set_t report;
1686         const char *setname;
1687 
1688         tad = U2A(u);
1689 
1690         if (tad->tad_flag == 0)
1691                 return;
1692 
1693         oldpriv = priv_getset(ocr, set);
1694 
1695         /* Generate the actual record, include the before and after */


1732         if (tad->tad_flag == 0)
1733                 return;
1734 
1735         for (i = 0; i < nitems; i++) {
1736                 au_uwrite(au_to_arg32(2, "major", items[i].dps_maj));
1737                 if (items[i].dps_minornm[0] == '\0') {
1738                         au_uwrite(au_to_arg32(2, "lomin", items[i].dps_lomin));
1739                         au_uwrite(au_to_arg32(2, "himin", items[i].dps_himin));
1740                 } else
1741                         au_uwrite(au_to_text(items[i].dps_minornm));
1742 
1743                 au_uwrite(au_to_privset("read", &items[i].dps_rdp,
1744                     AUT_PRIV, 0));
1745                 au_uwrite(au_to_privset("write", &items[i].dps_wrp,
1746                     AUT_PRIV, 0));
1747         }
1748 }
1749 
1750 /*ARGSUSED*/
1751 void
1752 audit_fdrecv(fd, fp)
1753         int fd;
1754         struct file *fp;
1755 {
1756         t_audit_data_t *tad;    /* current thread */
1757         f_audit_data_t *fad;    /* per file audit structure */
1758         struct vnode *vp;       /* for file attributes */
1759 
1760         /* is this system call being audited */
1761         tad = U2A(u);
1762         ASSERT(tad != (t_audit_data_t *)0);
1763         if (!tad->tad_flag)
1764                 return;
1765 
1766         fad = F2A(fp);
1767 
1768         /* add path and file attributes */
1769         if (fad != NULL && fad->fad_aupath != NULL) {
1770                 au_uwrite(au_to_arg32(0, "recv fd", (uint32_t)fd));
1771                 au_uwrite(au_to_path(fad->fad_aupath));
1772         } else {
1773                 au_uwrite(au_to_arg32(0, "recv fd", (uint32_t)fd));
1774 #ifdef _LP64




 710  * ROUTINE:     AUDIT_CLOSEF
 711  * PURPOSE:
 712  * CALLBY:      CLOSEF
 713  * NOTE:
 714  * release per file audit resources when file structure is being released.
 715  *
 716  * IMPORTANT NOTE: Since we generate an audit record here, we may sleep
 717  *      on the audit queue if it becomes full. This means
 718  *      audit_closef can not be called when f_count == 0. Since
 719  *      f_count == 0 indicates the file structure is free, another
 720  *      process could attempt to use the file while we were still
 721  *      asleep waiting on the audit queue. This would cause the
 722  *      per file audit data to be corrupted when we finally do
 723  *      wakeup.
 724  * TODO:
 725  * QUESTION:
 726  */
 727 
 728 void
 729 audit_closef(struct file *fp)
 730 {
 731         f_audit_data_t *fad;
 732         t_audit_data_t *tad;
 733         int success;
 734         au_state_t estate;
 735         struct vnode *vp;
 736         token_t *ad = NULL;
 737         struct vattr attr;
 738         au_emod_t evmod = 0;
 739         const auditinfo_addr_t *ainfo;
 740         cred_t *cr;
 741         au_kcontext_t   *kctx = GET_KCTX_PZ;
 742         uint32_t auditing;
 743         boolean_t audit_attr = B_FALSE;
 744 
 745         fad = F2A(fp);
 746         estate = kctx->auk_ets[AUE_CLOSE];
 747         tad = U2A(u);
 748         cr = CRED();
 749 
 750         /* audit record already generated by system call envelope */


1581          * In that case, assume the running kernel data model.
1582          */
1583         if ((curthread->t_lwp == NULL) || (lwp_getdatamodel(
1584             ttolwp(curthread)) == DATAMODEL_NATIVE))
1585                 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
1586         else
1587                 sy_flags = sysent32[scid].sy_flags & SE_RVAL_MASK;
1588 #else
1589                 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
1590 #endif
1591 
1592         if (sy_flags == SE_64RVAL)
1593                 au_write(ad, au_to_return64(err, rval));
1594         else
1595                 au_write(ad, au_to_return32(err, rval));
1596 
1597 }
1598 
1599 /*ARGSUSED*/
1600 void
1601 audit_fdsend(int fd, struct file *fp, int error)



1602 {
1603         t_audit_data_t *tad;    /* current thread */
1604         f_audit_data_t *fad;    /* per file audit structure */
1605         struct vnode *vp;       /* for file attributes */
1606 
1607         /* is this system call being audited */
1608         tad = U2A(u);
1609         ASSERT(tad != (t_audit_data_t *)0);
1610         if (!tad->tad_flag)
1611                 return;
1612 
1613         fad = F2A(fp);
1614 
1615         /* add path and file attributes */
1616         if (fad != NULL && fad->fad_aupath != NULL) {
1617                 au_uwrite(au_to_arg32(0, "send fd", (uint32_t)fd));
1618                 au_uwrite(au_to_path(fad->fad_aupath));
1619         } else {
1620                 au_uwrite(au_to_arg32(0, "send fd", (uint32_t)fd));
1621 #ifdef _LP64


1653         /* Tell audit_success() and audit_finish() that we saw this case */
1654         if (!(tad->tad_evmod & sbit)) {
1655                 /* Clear set first time around */
1656                 priv_emptyset(target);
1657                 tad->tad_evmod |= sbit;
1658         }
1659 
1660         /* Save the privileges in the tad */
1661         if (priv == PRIV_ALL) {
1662                 priv_fillset(target);
1663         } else {
1664                 ASSERT(set != NULL || priv != PRIV_NONE);
1665                 if (set != NULL)
1666                         priv_union(set, target);
1667                 if (priv != PRIV_NONE)
1668                         priv_addset(target, priv);
1669         }
1670 }
1671 
1672 /*
1673  * Audit the psecflags() system call; the set name, current value, and delta
1674  * are put in the audit trail.
1675  */
1676 void
1677 audit_psecflags(proc_t *p,
1678     psecflagwhich_t which,
1679     const secflagdelta_t *psd)
1680 {
1681         t_audit_data_t *tad;
1682         secflagset_t new;
1683         const secflagset_t *old;
1684         const char *s;
1685         cred_t *cr;
1686         pid_t pid;
1687         const auditinfo_addr_t  *ainfo;
1688         const psecflags_t *psec = &p->p_secflags;
1689 
1690         tad = U2A(u);
1691 
1692         if (tad->tad_flag == 0)
1693                 return;
1694 
1695         switch (which) {
1696         case PSF_EFFECTIVE:
1697                 s = "effective";
1698                 old = &psec->psf_effective;
1699                 break;
1700         case PSF_INHERIT:
1701                 s = "inherit";
1702                 old = &psec->psf_inherit;
1703                 break;
1704         case PSF_LOWER:
1705                 s = "lower";
1706                 old = &psec->psf_lower;
1707                 break;
1708         case PSF_UPPER:
1709                 s = "upper";
1710                 old = &psec->psf_upper;
1711                 break;
1712         }
1713 
1714         secflags_copy(&new, old);
1715         secflags_apply_delta(&new, psd);
1716 
1717         au_uwrite(au_to_secflags(s, *old));
1718         au_uwrite(au_to_secflags(s, new));
1719 
1720         ASSERT(mutex_owned(&p->p_lock));
1721         mutex_enter(&p->p_crlock);
1722 
1723         pid = p->p_pid;
1724         crhold(cr = p->p_cred);
1725         mutex_exit(&p->p_crlock);
1726 
1727         if ((ainfo = crgetauinfo(cr)) == NULL) {
1728                 crfree(cr);
1729                 return;
1730         }
1731 
1732         AUDIT_SETPROC_GENERIC(&(u_ad), cr, ainfo, pid);
1733 
1734         crfree(cr);
1735 }
1736 
1737 /*
1738  * Audit the setpriv() system call; the operation, the set name and
1739  * the current value as well as the set argument are put in the
1740  * audit trail.
1741  */
1742 void
1743 audit_setppriv(int op, int set, const priv_set_t *newpriv, const cred_t *ocr)
1744 {
1745         t_audit_data_t *tad;
1746         const priv_set_t *oldpriv;
1747         priv_set_t report;
1748         const char *setname;
1749 
1750         tad = U2A(u);
1751 
1752         if (tad->tad_flag == 0)
1753                 return;
1754 
1755         oldpriv = priv_getset(ocr, set);
1756 
1757         /* Generate the actual record, include the before and after */


1794         if (tad->tad_flag == 0)
1795                 return;
1796 
1797         for (i = 0; i < nitems; i++) {
1798                 au_uwrite(au_to_arg32(2, "major", items[i].dps_maj));
1799                 if (items[i].dps_minornm[0] == '\0') {
1800                         au_uwrite(au_to_arg32(2, "lomin", items[i].dps_lomin));
1801                         au_uwrite(au_to_arg32(2, "himin", items[i].dps_himin));
1802                 } else
1803                         au_uwrite(au_to_text(items[i].dps_minornm));
1804 
1805                 au_uwrite(au_to_privset("read", &items[i].dps_rdp,
1806                     AUT_PRIV, 0));
1807                 au_uwrite(au_to_privset("write", &items[i].dps_wrp,
1808                     AUT_PRIV, 0));
1809         }
1810 }
1811 
1812 /*ARGSUSED*/
1813 void
1814 audit_fdrecv(int fd, struct file *fp)


1815 {
1816         t_audit_data_t *tad;    /* current thread */
1817         f_audit_data_t *fad;    /* per file audit structure */
1818         struct vnode *vp;       /* for file attributes */
1819 
1820         /* is this system call being audited */
1821         tad = U2A(u);
1822         ASSERT(tad != (t_audit_data_t *)0);
1823         if (!tad->tad_flag)
1824                 return;
1825 
1826         fad = F2A(fp);
1827 
1828         /* add path and file attributes */
1829         if (fad != NULL && fad->fad_aupath != NULL) {
1830                 au_uwrite(au_to_arg32(0, "recv fd", (uint32_t)fd));
1831                 au_uwrite(au_to_path(fad->fad_aupath));
1832         } else {
1833                 au_uwrite(au_to_arg32(0, "recv fd", (uint32_t)fd));
1834 #ifdef _LP64