7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.


  60 #include <c2/audit.h>
  61 #include <c2/audit_kernel.h>
  62 #include <c2/audit_kevents.h>
  63 #include <c2/audit_record.h>
  64 #include <sys/procset.h>
  65 #include <nfs/mount.h>
  66 #include <sys/param.h>
  67 #include <sys/debug.h>
  68 #include <sys/sysmacros.h>
  69 #include <sys/stream.h>
  70 #include <sys/strsubr.h>
  71 #include <sys/stropts.h>
  72 #include <sys/tihdr.h>
  73 #include <sys/socket.h>
  74 #include <sys/socketvar.h>
  75 #include <sys/vfs_opreg.h>
  76 #include <fs/sockfs/sockcommon.h>
  77 #include <netinet/in.h>
  78 #include <sys/ddi.h>
  79 #include <sys/port_impl.h>

  80 
  81 static au_event_t       aui_fchownat(au_event_t);
  82 static au_event_t       aui_fchmodat(au_event_t);
  83 static au_event_t       aui_open(au_event_t);
  84 static au_event_t       aui_openat(au_event_t);
  85 static au_event_t       aui_unlinkat(au_event_t);
  86 static au_event_t       aui_fstatat(au_event_t);
  87 static au_event_t       aui_msgsys(au_event_t);
  88 static au_event_t       aui_shmsys(au_event_t);
  89 static au_event_t       aui_semsys(au_event_t);
  90 static au_event_t       aui_utssys(au_event_t);
  91 static au_event_t       aui_fcntl(au_event_t);
  92 static au_event_t       aui_execve(au_event_t);
  93 static au_event_t       aui_memcntl(au_event_t);
  94 static au_event_t       aui_sysinfo(au_event_t);
  95 static au_event_t       aui_portfs(au_event_t);
  96 static au_event_t       aui_auditsys(au_event_t);
  97 static au_event_t       aui_modctl(au_event_t);
  98 static au_event_t       aui_acl(au_event_t);
  99 static au_event_t       aui_doorfs(au_event_t);
 100 static au_event_t       aui_privsys(au_event_t);
 101 static au_event_t       aui_forksys(au_event_t);
 102 static au_event_t       aui_labelsys(au_event_t);
 103 static au_event_t       aui_setpgrp(au_event_t);
 104 

 105 static void     aus_exit(struct t_audit_data *);
 106 static void     aus_open(struct t_audit_data *);
 107 static void     aus_openat(struct t_audit_data *);
 108 static void     aus_acl(struct t_audit_data *);
 109 static void     aus_acct(struct t_audit_data *);
 110 static void     aus_chown(struct t_audit_data *);
 111 static void     aus_fchown(struct t_audit_data *);
 112 static void     aus_lchown(struct t_audit_data *);
 113 static void     aus_fchownat(struct t_audit_data *);
 114 static void     aus_chmod(struct t_audit_data *);
 115 static void     aus_facl(struct t_audit_data *);
 116 static void     aus_fchmod(struct t_audit_data *);
 117 static void     aus_fchmodat(struct t_audit_data *);
 118 static void     aus_fcntl(struct t_audit_data *);
 119 static void     aus_mkdir(struct t_audit_data *);
 120 static void     aus_mkdirat(struct t_audit_data *);
 121 static void     aus_mknod(struct t_audit_data *);
 122 static void     aus_mknodat(struct t_audit_data *);
 123 static void     aus_mount(struct t_audit_data *);
 124 static void     aus_umount2(struct t_audit_data *);


 187 
 188 #define aui_null        NULL    /* NULL initialize function */
 189 #define aus_null        NULL    /* NULL start function */
 190 #define auf_null        NULL    /* NULL finish function */
 191 
 192 struct audit_s2e audit_s2e[] =
 193 {
 194 /*
 195  * ----------   ----------      ----------      ----------
 196  * INITIAL      AUDIT           START           SYSTEM
 197  * PROCESSING   EVENT           PROCESSING      CALL
 198  * ----------   ----------      ----------      -----------
 199  *              FINISH          EVENT
 200  *              PROCESSING      CONTROL
 201  * ----------------------------------------------------------
 202  */
 203 aui_null,       AUE_NULL,       aus_null,       /* 0 unused (indirect) */
 204                 auf_null,       0,
 205 aui_null,       AUE_EXIT,       aus_exit,       /* 1 exit */
 206                 auf_null,       S2E_NPT,
 207 aui_null,       AUE_NULL,       aus_null,       /* 2 (loadable) was forkall */
 208                 auf_null,       0,
 209 aui_null,       AUE_READ,       aus_null,       /* 3 read */
 210                 auf_read,       S2E_PUB,
 211 aui_null,       AUE_WRITE,      aus_null,       /* 4 write */
 212                 auf_write,      0,
 213 aui_open,       AUE_OPEN,       aus_open,       /* 5 open */
 214                 auf_null,       S2E_SP,
 215 aui_null,       AUE_CLOSE,      aus_close,      /* 6 close */
 216                 auf_null,       0,
 217 aui_null,       AUE_LINK,       aus_null,       /* 7 linkat */
 218                 auf_null,       0,
 219 aui_null,       AUE_NULL,       aus_null,       /* 8 (loadable) was creat */
 220                 auf_null,       0,
 221 aui_null,       AUE_LINK,       aus_null,       /* 9 link */
 222                 auf_null,       0,
 223 aui_null,       AUE_UNLINK,     aus_null,       /* 10 unlink */
 224                 auf_null,       0,
 225 aui_null,       AUE_SYMLINK,    aus_null,       /* 11 symlinkat */
 226                 auf_null,       0,
 227 aui_null,       AUE_CHDIR,      aus_null,       /* 12 chdir */


 726                 auf_null,       0
 727 };
 728 
 729 uint_t num_syscall = sizeof (audit_s2e) / sizeof (struct audit_s2e);
 730 
 731 
 732 /* exit start function */
 733 /*ARGSUSED*/
 734 static void
 735 aus_exit(struct t_audit_data *tad)
 736 {
 737         uint32_t rval;
 738         struct a {
 739                 long rval;
 740         } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
 741 
 742         rval = (uint32_t)uap->rval;
 743         au_uwrite(au_to_arg32(1, "exit status", rval));
 744 }
 745 

 746 /* acct start function */
 747 /*ARGSUSED*/
 748 static void
 749 aus_acct(struct t_audit_data *tad)
 750 {
 751         klwp_t *clwp = ttolwp(curthread);
 752         uintptr_t fname;
 753 
 754         struct a {
 755                 long    fname;          /* char * */
 756         } *uap = (struct a *)clwp->lwp_ap;
 757 
 758         fname = (uintptr_t)uap->fname;
 759 
 760         if (fname == 0)
 761                 au_uwrite(au_to_arg32(1, "accounting off", (uint32_t)0));
 762 }
 763 
 764 /* chown start function */
 765 /*ARGSUSED*/




  60 #include <c2/audit.h>
  61 #include <c2/audit_kernel.h>
  62 #include <c2/audit_kevents.h>
  63 #include <c2/audit_record.h>
  64 #include <sys/procset.h>
  65 #include <nfs/mount.h>
  66 #include <sys/param.h>
  67 #include <sys/debug.h>
  68 #include <sys/sysmacros.h>
  69 #include <sys/stream.h>
  70 #include <sys/strsubr.h>
  71 #include <sys/stropts.h>
  72 #include <sys/tihdr.h>
  73 #include <sys/socket.h>
  74 #include <sys/socketvar.h>
  75 #include <sys/vfs_opreg.h>
  76 #include <fs/sockfs/sockcommon.h>
  77 #include <netinet/in.h>
  78 #include <sys/ddi.h>
  79 #include <sys/port_impl.h>
  80 #include <sys/secflags.h>
  81 
  82 static au_event_t       aui_fchownat(au_event_t);
  83 static au_event_t       aui_fchmodat(au_event_t);
  84 static au_event_t       aui_open(au_event_t);
  85 static au_event_t       aui_openat(au_event_t);
  86 static au_event_t       aui_unlinkat(au_event_t);
  87 static au_event_t       aui_fstatat(au_event_t);
  88 static au_event_t       aui_msgsys(au_event_t);
  89 static au_event_t       aui_shmsys(au_event_t);
  90 static au_event_t       aui_semsys(au_event_t);
  91 static au_event_t       aui_utssys(au_event_t);
  92 static au_event_t       aui_fcntl(au_event_t);
  93 static au_event_t       aui_execve(au_event_t);
  94 static au_event_t       aui_memcntl(au_event_t);
  95 static au_event_t       aui_sysinfo(au_event_t);
  96 static au_event_t       aui_portfs(au_event_t);
  97 static au_event_t       aui_auditsys(au_event_t);
  98 static au_event_t       aui_modctl(au_event_t);
  99 static au_event_t       aui_acl(au_event_t);
 100 static au_event_t       aui_doorfs(au_event_t);
 101 static au_event_t       aui_privsys(au_event_t);
 102 static au_event_t       aui_forksys(au_event_t);
 103 static au_event_t       aui_labelsys(au_event_t);
 104 static au_event_t       aui_setpgrp(au_event_t);
 105 
 106 
 107 static void     aus_exit(struct t_audit_data *);
 108 static void     aus_open(struct t_audit_data *);
 109 static void     aus_openat(struct t_audit_data *);
 110 static void     aus_acl(struct t_audit_data *);
 111 static void     aus_acct(struct t_audit_data *);
 112 static void     aus_chown(struct t_audit_data *);
 113 static void     aus_fchown(struct t_audit_data *);
 114 static void     aus_lchown(struct t_audit_data *);
 115 static void     aus_fchownat(struct t_audit_data *);
 116 static void     aus_chmod(struct t_audit_data *);
 117 static void     aus_facl(struct t_audit_data *);
 118 static void     aus_fchmod(struct t_audit_data *);
 119 static void     aus_fchmodat(struct t_audit_data *);
 120 static void     aus_fcntl(struct t_audit_data *);
 121 static void     aus_mkdir(struct t_audit_data *);
 122 static void     aus_mkdirat(struct t_audit_data *);
 123 static void     aus_mknod(struct t_audit_data *);
 124 static void     aus_mknodat(struct t_audit_data *);
 125 static void     aus_mount(struct t_audit_data *);
 126 static void     aus_umount2(struct t_audit_data *);


 189 
 190 #define aui_null        NULL    /* NULL initialize function */
 191 #define aus_null        NULL    /* NULL start function */
 192 #define auf_null        NULL    /* NULL finish function */
 193 
 194 struct audit_s2e audit_s2e[] =
 195 {
 196 /*
 197  * ----------   ----------      ----------      ----------
 198  * INITIAL      AUDIT           START           SYSTEM
 199  * PROCESSING   EVENT           PROCESSING      CALL
 200  * ----------   ----------      ----------      -----------
 201  *              FINISH          EVENT
 202  *              PROCESSING      CONTROL
 203  * ----------------------------------------------------------
 204  */
 205 aui_null,       AUE_NULL,       aus_null,       /* 0 unused (indirect) */
 206                 auf_null,       0,
 207 aui_null,       AUE_EXIT,       aus_exit,       /* 1 exit */
 208                 auf_null,       S2E_NPT,
 209 aui_null,       AUE_PSECFLAGS,  aus_null,       /* 2 psecflags */
 210                 auf_null,       0,
 211 aui_null,       AUE_READ,       aus_null,       /* 3 read */
 212                 auf_read,       S2E_PUB,
 213 aui_null,       AUE_WRITE,      aus_null,       /* 4 write */
 214                 auf_write,      0,
 215 aui_open,       AUE_OPEN,       aus_open,       /* 5 open */
 216                 auf_null,       S2E_SP,
 217 aui_null,       AUE_CLOSE,      aus_close,      /* 6 close */
 218                 auf_null,       0,
 219 aui_null,       AUE_LINK,       aus_null,       /* 7 linkat */
 220                 auf_null,       0,
 221 aui_null,       AUE_NULL,       aus_null,       /* 8 (loadable) was creat */
 222                 auf_null,       0,
 223 aui_null,       AUE_LINK,       aus_null,       /* 9 link */
 224                 auf_null,       0,
 225 aui_null,       AUE_UNLINK,     aus_null,       /* 10 unlink */
 226                 auf_null,       0,
 227 aui_null,       AUE_SYMLINK,    aus_null,       /* 11 symlinkat */
 228                 auf_null,       0,
 229 aui_null,       AUE_CHDIR,      aus_null,       /* 12 chdir */


 728                 auf_null,       0
 729 };
 730 
 731 uint_t num_syscall = sizeof (audit_s2e) / sizeof (struct audit_s2e);
 732 
 733 
 734 /* exit start function */
 735 /*ARGSUSED*/
 736 static void
 737 aus_exit(struct t_audit_data *tad)
 738 {
 739         uint32_t rval;
 740         struct a {
 741                 long rval;
 742         } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
 743 
 744         rval = (uint32_t)uap->rval;
 745         au_uwrite(au_to_arg32(1, "exit status", rval));
 746 }
 747 
 748 
 749 /* acct start function */
 750 /*ARGSUSED*/
 751 static void
 752 aus_acct(struct t_audit_data *tad)
 753 {
 754         klwp_t *clwp = ttolwp(curthread);
 755         uintptr_t fname;
 756 
 757         struct a {
 758                 long    fname;          /* char * */
 759         } *uap = (struct a *)clwp->lwp_ap;
 760 
 761         fname = (uintptr_t)uap->fname;
 762 
 763         if (fname == 0)
 764                 au_uwrite(au_to_arg32(1, "accounting off", (uint32_t)0));
 765 }
 766 
 767 /* chown start function */
 768 /*ARGSUSED*/
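Review bot: The new table entry at 209 audits psecflags with `aus_null`, so the record for a call that changes a process's exploit-mitigation flags carries only the event and return value, not which flags were requested or which process set was targeted; for an event whose whole purpose is a process's security posture, anyone consuming the audit trail will want those arguments. Consider a `static void aus_psecflags(struct t_audit_data *)` start function that reads the syscall arguments through `lwp_ap` and emits them with `au_to_arg32`/`au_to_arg64`, in the same shape as `aus_exit` at 740-745, and reference it from the entry: `aui_null,       AUE_PSECFLAGS,  aus_psecflags,  /* 2 psecflags */`. The exact argument layout (presumably a process set and a flag delta) is not visible here and should be taken from the syscall definition. The added `<sys/secflags.h>` include at 80 has no visible user in this section; it may be consumed by code between 127 and 188 or after 229, which are not shown.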