From 085a0d43caee81deb45157e8e52f56b29a955995 Mon Sep 17 00:00:00 2001
From: Wayne Salamon <wsalamon@FreeBSD.org>
Date: Tue, 14 Feb 2006 01:18:31 +0000
Subject: [PATCH] Audit the arguments to the ptrace(2) system call.

Obtained from: TrustedBSD Project
Approved by: rwatson (mentor)
---
 sys/kern/sys_process.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/sys/kern/sys_process.c b/sys/kern/sys_process.c
index c3be1f6015b..eeb56a4af4b 100644
--- a/sys/kern/sys_process.c
+++ b/sys/kern/sys_process.c
@@ -49,6 +49,8 @@ __FBSDID("$FreeBSD$");
 
 #include <machine/reg.h>
 
+#include <security/audit/audit.h>
+
 #include <vm/vm.h>
 #include <vm/pmap.h>
 #include <vm/vm_extern.h>
@@ -404,6 +406,10 @@ ptrace(struct thread *td, struct ptrace_args *uap)
 	if (td->td_proc->p_sysent == &ia32_freebsd_sysvec)
 		wrap32 = 1;
 #endif
+	AUDIT_ARG(pid, uap->pid);
+	AUDIT_ARG(cmd, uap->req);
+	AUDIT_ARG(addr, uap->addr);
+	AUDIT_ARG(value, uap->data);
 	addr = &r;
 	switch (uap->req) {
 	case PT_GETREGS:
@@ -551,6 +557,7 @@ kern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data)
 			pid = p->p_pid;
 		}
 	}
+	AUDIT_ARG(process, p);
 	if ((error = p_cansee(td, p)) != 0)
 		goto fail;