diff options
| author | <dwmw2@shinybook.infradead.org> | 2005-04-29 11:08:28 -0400 |
|---|---|---|
| committer | <dwmw2@shinybook.infradead.org> | 2005-04-29 11:08:28 -0400 |
| commit | 2fd6f58ba6efc82ea2c9c2630f7ff5ed9eeaf34a (patch) | |
| tree | 87cf236a78ad242ae01f1b71c289131e6d1c0662 /arch/ia64 | |
| parent | ea3834d9fb348fb1144ad3affea22df933eaf62e (diff) | |
[AUDIT] Don't allow ptrace to fool auditing, log arch of audited syscalls.
We were calling ptrace_notify() after auditing the syscall and arguments,
but the debugger could have _changed_ them before the syscall was actually
invoked. Reorder the calls to fix that.
While we're touching ever call to audit_syscall_entry(), we also make it
take an extra argument: the architecture of the syscall which was made,
because some architectures allow more than one type of syscall.
Also add an explicit success/failure flag to audit_syscall_exit(), for
the benefit of architectures which return that in a condition register
rather than only returning a single register.
Change type of syscall return value to 'long' not 'int'.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'arch/ia64')
| -rw-r--r-- | arch/ia64/kernel/ptrace.c | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/arch/ia64/kernel/ptrace.c b/arch/ia64/kernel/ptrace.c index 55789fcd7210..8dde0b16d4c8 100644 --- a/arch/ia64/kernel/ptrace.c +++ b/arch/ia64/kernel/ptrace.c | |||
| @@ -1595,20 +1595,25 @@ syscall_trace_enter (long arg0, long arg1, long arg2, long arg3, | |||
| 1595 | long arg4, long arg5, long arg6, long arg7, | 1595 | long arg4, long arg5, long arg6, long arg7, |
| 1596 | struct pt_regs regs) | 1596 | struct pt_regs regs) |
| 1597 | { | 1597 | { |
| 1598 | long syscall; | 1598 | if (test_thread_flag(TIF_SYSCALL_TRACE) |
| 1599 | && (current->ptrace & PT_PTRACED)) | ||
| 1600 | syscall_trace(); | ||
| 1599 | 1601 | ||
| 1600 | if (unlikely(current->audit_context)) { | 1602 | if (unlikely(current->audit_context)) { |
| 1601 | if (IS_IA32_PROCESS(®s)) | 1603 | long syscall; |
| 1604 | int arch; | ||
| 1605 | |||
| 1606 | if (IS_IA32_PROCESS(®s)) { | ||
| 1602 | syscall = regs.r1; | 1607 | syscall = regs.r1; |
| 1603 | else | 1608 | arch = AUDIT_ARCH_I386; |
| 1609 | } else { | ||
| 1604 | syscall = regs.r15; | 1610 | syscall = regs.r15; |
| 1611 | arch = AUDIT_ARCH_IA64; | ||
| 1612 | } | ||
| 1605 | 1613 | ||
| 1606 | audit_syscall_entry(current, syscall, arg0, arg1, arg2, arg3); | 1614 | audit_syscall_entry(current, arch, syscall, arg0, arg1, arg2, arg3); |
| 1607 | } | 1615 | } |
| 1608 | 1616 | ||
| 1609 | if (test_thread_flag(TIF_SYSCALL_TRACE) | ||
| 1610 | && (current->ptrace & PT_PTRACED)) | ||
| 1611 | syscall_trace(); | ||
| 1612 | } | 1617 | } |
| 1613 | 1618 | ||
| 1614 | /* "asmlinkage" so the input arguments are preserved... */ | 1619 | /* "asmlinkage" so the input arguments are preserved... */ |
| @@ -1619,7 +1624,7 @@ syscall_trace_leave (long arg0, long arg1, long arg2, long arg3, | |||
| 1619 | struct pt_regs regs) | 1624 | struct pt_regs regs) |
| 1620 | { | 1625 | { |
| 1621 | if (unlikely(current->audit_context)) | 1626 | if (unlikely(current->audit_context)) |
| 1622 | audit_syscall_exit(current, regs.r8); | 1627 | audit_syscall_exit(current, AUDITSC_RESULT(regs.r10), regs.r8); |
| 1623 | 1628 | ||
| 1624 | if (test_thread_flag(TIF_SYSCALL_TRACE) | 1629 | if (test_thread_flag(TIF_SYSCALL_TRACE) |
| 1625 | && (current->ptrace & PT_PTRACED)) | 1630 | && (current->ptrace & PT_PTRACED)) |