[PATCH] auditing ptrace

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
author: Al Viro <viro@zeniv.linux.org.uk> 2007-03-20 13:58:35 -0400
committer: Al Viro <viro@zeniv.linux.org.uk> 2007-05-11 05:38:25 -0400
commit: a5cb013da773a67ee48d1c19e96436c22a73a7eb (patch)
tree: 8832d105c4742674423bd50352b8a4805c44fecc /kernel
parent: 129a84de2347002f09721cda3155ccfd19fade40 (diff)
2 files changed, 32 insertions, 0 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 628c7ac590a0..2243c559bc03 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -209,6 +209,9 @@ struct audit_context {
        unsigned long       personality;
        int                 arch;
+        pid_t               target_pid;
+        u32                 target_sid;
 #if AUDIT_DEBUG
        int                 put_count;
        int                 ino_count;
@@ -973,6 +976,23 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
                audit_log_end(ab);
        }
+        if (context->target_pid) {
+                ab =audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID);
+                if (ab) {
+                        char *s = NULL, *t;
+                        u32 len;
+                        if (selinux_sid_to_string(context->target_sid,
+                                                    &s, &len))
+                                t = "(none)";
+                        else
+                                t = s;
+                        audit_log_format(ab, "opid=%d obj=%s",
+                                        context->target_pid, t);
+                        audit_log_end(ab);
+                        kfree(s);
+                }
+        }
        if (context->pwd && context->pwdmnt) {
                ab = audit_log_start(context, GFP_KERNEL, AUDIT_CWD);
                if (ab) {
@@ -1193,6 +1213,7 @@ void audit_syscall_exit(int valid, long return_code)
        } else {
                audit_free_names(context);
                audit_free_aux(context);
+                context->target_pid = 0;
                kfree(context->filterkey);
                context->filterkey = NULL;
                tsk->audit_context = context;
@@ -1880,6 +1901,14 @@ int audit_sockaddr(int len, void *a)
        return 0;
 }
+void __audit_ptrace(struct task_struct *t)
+{
+        struct audit_context *context = current->audit_context;
+        context->target_pid = t->pid;
+        selinux_get_task_sid(t, &context->target_sid);
+}
 /**
 * audit_avc_path - record the granting or denial of permissions
 * @dentry: dentry to record
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index 4d50e06fd745..ad7949a589dd 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -18,6 +18,7 @@
 #include <linux/ptrace.h>
 #include <linux/security.h>
 #include <linux/signal.h>
+#include <linux/audit.h>
 #include <asm/pgtable.h>
 #include <asm/uaccess.h>
@@ -161,6 +162,8 @@ int ptrace_attach(struct task_struct *task)
 {
        int retval;
+        audit_ptrace(task);
        retval = -EPERM;
        if (task->pid <= 1)
                goto out;
author	Al Viro <viro@zeniv.linux.org.uk>	2007-03-20 13:58:35 -0400
committer	Al Viro <viro@zeniv.linux.org.uk>	2007-05-11 05:38:25 -0400
commit	a5cb013da773a67ee48d1c19e96436c22a73a7eb (patch)
tree	8832d105c4742674423bd50352b8a4805c44fecc /kernel
parent	129a84de2347002f09721cda3155ccfd19fade40 (diff)