From 8ec75c0fc367d47d0e86ac37894c63d9c124ad87 Mon Sep 17 00:00:00 2001
From: Robert Watson
Date: Sun, 10 Jul 2016 09:50:21 +0000
Subject: [PATCH] Audit the file-descriptor number argument for openat(2). Remove a comment about the desirability of auditing the number, as it was in fact in the wrong place (in the common path for open(2) and openat(2), and only the latter accepts a file-descriptor argument). Where other ABIs support openat(2), it may be necessary to do additional argument auditing as it is not performed in kern_openat(9).
MFC after: 3 days
Sponsored by: DARPA, AFRL
---
 sys/kern/vfs_syscalls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index f2416e06528..836821186bc 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -942,6 +942,7 @@ int
 sys_openat(struct thread *td, struct openat_args *uap)
 {
+ AUDIT_ARG_FD(uap->fd);
 return (kern_openat(td, uap->fd, uap->path, UIO_USERSPACE, uap->flag, uap->mode));
 }
@@ -962,7 +963,6 @@ kern_openat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
 AUDIT_ARG_FFLAGS(flags);
 AUDIT_ARG_MODE(mode);
- /* XXX: audit dirfd */
 cap_rights_init(&rights, CAP_LOOKUP);
 flags_to_rights(flags, &rights);
 /*
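Review bot: The new `AUDIT_ARG_FD(uap->fd);` lives only in the sys_openat() wrapper, so any other caller that hands a real directory descriptor to kern_openat() still produces a record with flags and mode but no descriptor, and a relative path in that record cannot be tied to the directory it was resolved against. Since kern_openat() already audits flags and mode for every caller, consider auditing the descriptor there instead, guarded so callers passing AT_FDCWD are unaffected: `if (fd != AT_FDCWD) AUDIT_ARG_FD(fd);`. If the wrapper placement is kept, a short comment above the new line, e.g. `/* dirfd is audited here because kern_openat() does not audit it. */`, would keep that obligation visible to whoever adds the next caller. Whether any such caller exists today cannot be seen from this patch; kern_openat()'s body continues outside the second hunk.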