
PERFORCE change 91074 for review

Subject: PERFORCE change 91074 for review
From: Wayne Salamon
Date: Sat, 4 Feb 2006 16:09:56 GMT
http://perforce.freebsd.org/chv.cgi?CH=91074

Change 91074 by wsalamon@gretsch on 2006/02/04 16:09:08

        Updated list of audited system calls, with some additional notes.

Affected files ...

.. //depot/projects/trustedbsd/audit3/notes/syscall_audit.tsv#4 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/notes/syscall_audit.tsv#4 (text+ko) ====

@@ -7,9 +7,12 @@
 # Field 5 -> Comments
 #
 # For many of the fd-based ops, will need to create an attr token when vnode 
-# is available. If an audited arg is followed by ?, need to decide whether to 
-# audit. For some calls, the returned fd(s) probably should be audited because 
-# pathname auditing for fd-based calls isn't reliable, so auditing the 
+# is available. We will also audit the file decriptor to allow for
+# easier tracing through the log file, even though the attr token contains the
+# file ID. 
+# If an audited arg is followed by ?, need to decide whether to audit
+# For some calls, the returned fd(s) probably should be audited because 
+# pathname auditing for fd-based calls isn't done, therefore auditing the 
 # returned fd at time of creation (open, etc.) should be done so later calls 
 # can be traced back to a path in the audit trail.
 #
@@ -28,14 +31,14 @@
 SYS_unlink             10      Y       Y       path, attr
 
 SYS_chdir              12      Y       Y
-SYS_fchdir             13      Y       N       path; should fd be audited?
-SYS_mknod              14      Y       N       mode, dev, path
+SYS_fchdir             13      Y       Y       attr, fd
+SYS_mknod              14      Y       Y       mode, dev, path
 SYS_chmod              15      Y       Y       mode, path
 SYS_chown              16      Y       Y       uid, gid, path
 SYS_break              17      N       N
 
 SYS_getpid             20      N       N
-SYS_mount              21      Y       N       type, dir, flagsr; data?
+SYS_mount              21      Y       N       type, dir, flags
 SYS_unmount            22      Y       N       dir, flags
 SYS_setuid             23      Y       N       uid
 SYS_getuid             24      N       N
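Review bot: The `SYS_mount` row drops the open question `data?` along with the `flagsr` typo, but nothing records what was decided about the `data` argument. The header says a trailing `?` marks an argument still under consideration, so removing it reads as a decision not to audit `data`. If that is the intent, say so in the comment field, e.g. `type, dir, flags; data not audited`; otherwise keep `data?`. Also, `SYS_fchdir` lists `attr, fd` while the other fd-based rows touched by this change use `fd, attr`; one order throughout makes the table easier to scan.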
@@ -49,7 +52,7 @@
 SYS_getsockname                32      ?       N       if audited: s, name; 
namelen?
 SYS_access             33      Y       N       path, mode
 SYS_chflags            34      Y       Y       path, flags, attr
-SYS_fchflags           35      Y       Y       fd, fflags
+SYS_fchflags           35      Y       Y       fd, attr, fflags
 SYS_sync               36      Y       N
 SYS_kill               37      Y       N       pid, sig
 
@@ -75,7 +78,7 @@
 SYS_readlink           58      Y       N       path, buf, bufsiz
 SYS_execve             59      Y       N       path, argv, envp?
 SYS_umask              60      Y       N       numask
-SYS_chroot             61      Y       N       dirname
+SYS_chroot             61      Y       Y       dirname
 
 SYS_old.fstat          62      ?       N
 SYS_old.getkerninfo    63      N       N
@@ -109,7 +112,7 @@
 SYS_dup2               90      N       N
 SYS_fcntl              92      Y       N
 SYS_select             93      N       N
-SYS_fsync              95      Y       N
+SYS_fsync              95      Y       Y       fd, attr
 SYS_setpriority                96      Y       N
 SYS_socket             97      Y       N
 SYS_connect            98      Y       N
@@ -126,14 +129,14 @@
 SYS_readv              120     N       N
 SYS_writev             121     N       N
 SYS_settimeofday       122     Y       N
-SYS_fchown             123     Y       Y
-SYS_fchmod             124     Y       Y
+SYS_fchown             123     Y       Y       fd, attr, new uid, new gid
+SYS_fchmod             124     Y       Y       fd, attr, new mode
 
 SYS_setreuid           126     Y       N
 SYS_setregid           127     Y       N
 SYS_rename             128     Y       N
                                
-SYS_flock              131     Y       N
+SYS_flock              131     Y       N       fd, operation, addr
 SYS_mkfifo             132     Y       N
 SYS_sendto             133     Y       N
 SYS_shutdown           134     Y       N
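Review bot: In the new `SYS_flock` row, `addr` does not match any flock(2) argument, since the call takes only a descriptor and an operation. It may be a slip for `attr`, which the other fd-based rows in this hunk (`SYS_fchown`, `SYS_fchmod`) list next to `fd`. If so, the row should read `fd, attr, operation`; if an address is really meant, the comment needs to say which one.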
@@ -206,8 +209,8 @@
 SYS_issetugid          253     N       N
 SYS_lchown             254     Y       Y
 SYS_getdents           272     Y       N
-SYS_lchmod             274     Y       Y
-SYS_netbsd_lchown      275     Y       N
+SYS_lchmod             274     Y       Y       path, attr, new mode
+SYS_netbsd_lchown      275     Y       N       path, attr, new mode
 SYS_lutimes            276     Y       N
 SYS_netbsd_msync       277     N       N       file writes are not audited
 SYS_nstat              278     Y       Y
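Review bot: The `SYS_netbsd_lchown` row has the comment `path, attr, new mode`, which looks copied from the `SYS_lchmod` row above it. An lchown-style call changes ownership, not mode, and the `SYS_fchown` row in this same change lists `new uid, new gid`. The row should read `path, attr, new uid, new gid`, so that whoever implements the record from this table does not leave the ownership values out of the trail.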
@@ -284,7 +287,7 @@
 SYS___setugid          374     ?       N
 SYS_nfsclnt            375     ?       N
 SYS_eaccess            376     ?       N
-SYS_nmount             378     Y       N
+SYS_nmount             378     Y       Y       iovec strings audited
 SYS_kse_exit           379     ?       N
 SYS_kse_wakeup         380     ?       N
 SYS_kse_create         381     ?       N