authorNiels Provos <provos@cvs.openbsd.org>2002-06-04 22:45:26 +0000
committerNiels Provos <provos@cvs.openbsd.org>2002-06-04 22:45:26 +0000
commit4058ec40ce2dda7f8f853b1f55445ac439f2904b (patch)
treedb5b76a7161b231f672684b72d3cf87152b5496c /bin/systrace
parent8ac402c3121b13cfabe361a53b1887c28d51e246 (diff)
log offending syscalls to syslog in automatic mode. dugsong@
Diffstat (limited to 'bin/systrace')
-rw-r--r--bin/systrace/systrace.c17
-rw-r--r--bin/systrace/systrace.h4
-rw-r--r--bin/systrace/util.c19
3 files changed, 32 insertions, 8 deletions
diff --git a/bin/systrace/systrace.c b/bin/systrace/systrace.c
index 6c9a32800c7..c7d37833b63 100644
--- a/bin/systrace/systrace.c
+++ b/bin/systrace/systrace.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: systrace.c,v 1.8 2002/06/04 20:13:19 provos Exp $ */
+/* $OpenBSD: systrace.c,v 1.9 2002/06/04 22:45:25 provos Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
@@ -38,6 +38,7 @@
#include <stdio.h>
#include <fcntl.h>
#include <signal.h>
+#include <syslog.h>
#include <err.h>
#include <errno.h>
@@ -50,6 +51,7 @@ int connected = 0; /* Connected to GUI */
int inherit = 0; /* Inherit policy to childs */
int automatic = 0; /* Do not run interactively */
int userpolicy = 1; /* Permit user defined policies */
+char *username = NULL; /* Username in automatic mode */
short
trans_cb(int fd, pid_t pid, int policynr,
@@ -101,6 +103,7 @@ trans_cb(int fd, pid_t pid, int policynr,
goto out;
if (policy->flags & POLICY_UNSUPERVISED) {
action = ICPOLICY_NEVER;
+ syslog(LOG_WARNING, "user: %s, prog: %s", username, output);
goto out;
}
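Review bot: The new `syslog()` call in the `POLICY_UNSUPERVISED` branch passes `username` to `%s`, but `username` stays NULL unless `-a` was given, so this is only safe if the flag can never be set without `-a`, which this diff does not show. A guard makes the call safe either way: `syslog(LOG_WARNING, "user: %s, prog: %s", username != NULL ? username : "(unknown)", output);`, and the same applies to the identical call added in `gen_cb`. The `output` text is built from the traced process's system call data, so a comment such as `/* output is derived from the traced process; treat as untrusted log text */` would tell log consumers not to parse it as trusted fields. Where `output` is filled in `trans_cb` lies outside the hunk, so confirm it is populated before this branch is reached.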
@@ -137,11 +140,6 @@ gen_cb(int fd, pid_t pid, int policynr, char *name, int code,
errx(1, "%s:%d: find %d\n", __func__, __LINE__,
policynr);
- if (policy->flags & POLICY_UNSUPERVISED) {
- action = ICPOLICY_NEVER;
- goto out;
- }
-
ipid = intercept_getpid(pid);
ipid->uflags = 0;
snprintf(output, sizeof(output),
@@ -149,6 +147,12 @@ gen_cb(int fd, pid_t pid, int policynr, char *name, int code,
ipid->name != NULL ? ipid->name : policy->name, pid, policynr,
policy->name, policy->nfilters, emulation, name, code, argsize);
+ if (policy->flags & POLICY_UNSUPERVISED) {
+ action = ICPOLICY_NEVER;
+ syslog(LOG_WARNING, "user: %s, prog: %s", username, output);
+ goto out;
+ }
+
action = filter_ask(NULL, NULL, policynr, emulation, name,
output, &future, &ipid->uflags);
if (future != ICPOLICY_ASK)
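Review bot: Every denied call in the relocated `POLICY_UNSUPERVISED` block now emits one `LOG_WARNING` line, and nothing visible in the hunk bounds the rate, so a supervised program that retries a denied call in a loop can fill the log and bury other entries. At minimum I would document this at the call, `/* one line per denied syscall, no rate limit: a looping process can flood syslog */`, and consider suppressing repeats of the same `output` string. Moving the block below `intercept_getpid(pid)` also means `ipid->uflags` and `ipid->name` are now dereferenced on the deny path; whether `intercept_getpid` can return NULL is not visible here. The body of `gen_cb` starts and ends outside the hunk.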
@@ -391,6 +395,7 @@ main(int argc, char **argv)
switch (c) {
case 'a':
automatic = 1;
+ username = uid_to_name(getuid());
break;
case 'i':
inherit = 1;
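Review bot: No `openlog()` call appears anywhere in this diff, so the denial records written in automatic mode would go out with the default ident and facility rather than one chosen for security events. Setting it where the mode is enabled, for example `openlog("systrace", LOG_PID, LOG_AUTH);` next to `username = uid_to_name(getuid());`, gives the entries a stable tag and the pid of the monitor, which makes them easier to route and alert on. It is also worth a comment that `getuid()` records the real uid of the invoking user, `/* real uid: who started systrace, not the effective uid */`. The rest of `main` is outside the hunk.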
diff --git a/bin/systrace/systrace.h b/bin/systrace/systrace.h
index 9ee40ad3dd5..b00a5523c4e 100644
--- a/bin/systrace/systrace.h
+++ b/bin/systrace/systrace.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: systrace.h,v 1.3 2002/06/04 19:43:35 provos Exp $ */
+/* $OpenBSD: systrace.h,v 1.4 2002/06/04 22:45:25 provos Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
@@ -122,6 +122,8 @@ char *filter_expand(char *data);
int parse_filter(char *, struct filter **);
+char *uid_to_name(uid_t);
+
char *strrpl(char *, size_t, char *, char *);
extern struct intercept_translate oflags;
diff --git a/bin/systrace/util.c b/bin/systrace/util.c
index 2e008ee739c..d8130c1da3d 100644
--- a/bin/systrace/util.c
+++ b/bin/systrace/util.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: util.c,v 1.3 2002/06/04 19:20:54 provos Exp $ */
+/* $OpenBSD: util.c,v 1.4 2002/06/04 22:45:25 provos Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
@@ -32,6 +32,8 @@
#include <sys/types.h>
#include <string.h>
#include <ctype.h>
+#include <stdio.h>
+#include <pwd.h>
char *
strrpl(char *str, size_t size, char *match, char *value)
@@ -67,6 +69,21 @@ strrpl(char *str, size_t size, char *match, char *value)
return (p);
}
+char *
+uid_to_name(uid_t uid)
+{
+ static char buf[128];
+ struct passwd *pw;
+
+ if ((pw = getpwuid(uid)) == NULL)
+ snprintf(buf, sizeof(buf), "uid %d", uid);
+ else
+ snprintf(buf, sizeof(buf), "%s", pw->pw_name);
+
+ return (buf);
+}
+
+
/* simplify_path is from pdksh and apparently in the public domain */
/* ISABSPATH() means path is fully and completely specified,
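Review bot: In `uid_to_name` the fallback `snprintf(buf, sizeof(buf), "uid %d", uid);` formats a `uid_t` with `%d`; where `uid_t` is unsigned this is a specifier mismatch and large uids print as negative numbers in the log. I would write `snprintf(buf, sizeof(buf), "uid %u", (unsigned int)uid);`. The function also returns a pointer into a `static` buffer, so the result is overwritten by the next call and is not safe to share between threads; a header comment such as `/* Returns a pointer to a static buffer that the next call overwrites. */` would make that contract explicit for future callers.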