diff options
author | Niels Provos <provos@cvs.openbsd.org> | 2002-06-04 22:45:26 +0000 |
---|---|---|
committer | Niels Provos <provos@cvs.openbsd.org> | 2002-06-04 22:45:26 +0000 |
commit | 4058ec40ce2dda7f8f853b1f55445ac439f2904b (patch) | |
tree | db5b76a7161b231f672684b72d3cf87152b5496c /bin/systrace | |
parent | 8ac402c3121b13cfabe361a53b1887c28d51e246 (diff) |
log offending syscalls to syslog in automatic mode. dugsong@
Diffstat (limited to 'bin/systrace')
-rw-r--r-- | bin/systrace/systrace.c | 17 | ||||
-rw-r--r-- | bin/systrace/systrace.h | 4 | ||||
-rw-r--r-- | bin/systrace/util.c | 19 |
3 files changed, 32 insertions, 8 deletions
diff --git a/bin/systrace/systrace.c b/bin/systrace/systrace.c index 6c9a32800c7..c7d37833b63 100644 --- a/bin/systrace/systrace.c +++ b/bin/systrace/systrace.c @@ -1,4 +1,4 @@ -/* $OpenBSD: systrace.c,v 1.8 2002/06/04 20:13:19 provos Exp $ */ +/* $OpenBSD: systrace.c,v 1.9 2002/06/04 22:45:25 provos Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * All rights reserved. @@ -38,6 +38,7 @@ #include <stdio.h> #include <fcntl.h> #include <signal.h> +#include <syslog.h> #include <err.h> #include <errno.h> @@ -50,6 +51,7 @@ int connected = 0; /* Connected to GUI */ int inherit = 0; /* Inherit policy to childs */ int automatic = 0; /* Do not run interactively */ int userpolicy = 1; /* Permit user defined policies */ +char *username = NULL; /* Username in automatic mode */ short trans_cb(int fd, pid_t pid, int policynr, @@ -101,6 +103,7 @@ trans_cb(int fd, pid_t pid, int policynr, goto out; if (policy->flags & POLICY_UNSUPERVISED) { action = ICPOLICY_NEVER; + syslog(LOG_WARNING, "user: %s, prog: %s", username, output); goto out; } @@ -137,11 +140,6 @@ gen_cb(int fd, pid_t pid, int policynr, char *name, int code, errx(1, "%s:%d: find %d\n", __func__, __LINE__, policynr); - if (policy->flags & POLICY_UNSUPERVISED) { - action = ICPOLICY_NEVER; - goto out; - } - ipid = intercept_getpid(pid); ipid->uflags = 0; snprintf(output, sizeof(output), @@ -149,6 +147,12 @@ gen_cb(int fd, pid_t pid, int policynr, char *name, int code, ipid->name != NULL ? ipid->name : policy->name, pid, policynr, policy->name, policy->nfilters, emulation, name, code, argsize); + if (policy->flags & POLICY_UNSUPERVISED) { + action = ICPOLICY_NEVER; + syslog(LOG_WARNING, "user: %s, prog: %s", username, output); + goto out; + } + action = filter_ask(NULL, NULL, policynr, emulation, name, output, &future, &ipid->uflags); if (future != ICPOLICY_ASK) @@ -391,6 +395,7 @@ main(int argc, char **argv) switch (c) { case 'a': automatic = 1; + username = uid_to_name(getuid()); break; case 'i': inherit = 1; diff --git a/bin/systrace/systrace.h b/bin/systrace/systrace.h index 9ee40ad3dd5..b00a5523c4e 100644 --- a/bin/systrace/systrace.h +++ b/bin/systrace/systrace.h @@ -1,4 +1,4 @@ -/* $OpenBSD: systrace.h,v 1.3 2002/06/04 19:43:35 provos Exp $ */ +/* $OpenBSD: systrace.h,v 1.4 2002/06/04 22:45:25 provos Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * All rights reserved. @@ -122,6 +122,8 @@ char *filter_expand(char *data); int parse_filter(char *, struct filter **); +char *uid_to_name(uid_t); + char *strrpl(char *, size_t, char *, char *); extern struct intercept_translate oflags; diff --git a/bin/systrace/util.c b/bin/systrace/util.c index 2e008ee739c..d8130c1da3d 100644 --- a/bin/systrace/util.c +++ b/bin/systrace/util.c @@ -1,4 +1,4 @@ -/* $OpenBSD: util.c,v 1.3 2002/06/04 19:20:54 provos Exp $ */ +/* $OpenBSD: util.c,v 1.4 2002/06/04 22:45:25 provos Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * All rights reserved. @@ -32,6 +32,8 @@ #include <sys/types.h> #include <string.h> #include <ctype.h> +#include <stdio.h> +#include <pwd.h> char * strrpl(char *str, size_t size, char *match, char *value) @@ -67,6 +69,21 @@ strrpl(char *str, size_t size, char *match, char *value) return (p); } +char * +uid_to_name(uid_t uid) +{ + static char buf[128]; + struct passwd *pw; + + if ((pw = getpwuid(uid)) == NULL) + snprintf(buf, sizeof(buf), "uid %d", uid); + else + snprintf(buf, sizeof(buf), "%s", pw->pw_name); + + return (buf); +} + + /* simplify_path is from pdksh and apparently in the public domain */ /* ISABSPATH() means path is fully and completely specified, |