https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229696

            Bug ID: 229696
           Summary: Misplaced negation symbol in auditon(2)'s A_SETPOLICY
                    cmd option
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: b...@freebsd.org
          Reporter: anik...@iitk.ac.in

The system code for auditon(2)'s A_{GET/SET}POLICY command confirms whether
the user submitted only the allowed values for A_{SET/GET}POLICY by the
following method:

if (udata.au_policy & ~(AUDIT_CNT|AUDIT_AHLT|AUDIT_ARGV|AUDIT_ARGE))
        return (EINVAL);

That is: If a bit other than the 4 mentioned above is submitted, we'll get
EINVAL.

However, the negation bit is misplaced for the "udata.au_policy64" case:

if (udata.au_policy & (~AUDIT_CNT|AUDIT_AHLT|AUDIT_ARGV|AUDIT_ARGE))
        return (EINVAL);

This returns EINVAL almost every time. The only occasion when I got a success
was passing 0 as the flags, which is not recommended if the system already has
some of the flags set.

TEST PLAN: 
========
Try this piece of code. If your system has any of the flags set, you'll
probably get EINVAL too.

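#include <bsm/audit.h>
#include <stdint.h>
#include <stdio.h>

int main(void){
        /* 8-byte buffer and length, so the kernel takes the au_policy64 case. */
        uint64_t auditpolicy = 0;

        /* Read the policy currently in effect. */
        if (auditon(A_GETPOLICY, &auditpolicy, sizeof(auditpolicy)) < 0)
                perror("getpolicy");
        printf("retrieved policy = %ju\n", (uintmax_t)auditpolicy);

        /* Write the same policy back unchanged. */
        int retval = auditon(A_SETPOLICY, &auditpolicy, sizeof(auditpolicy));
        if (retval < 0)
                perror("setpolicy");
        return (0);
}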

Fix: review D16222

_______________________________________________
freebsd-bugs@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
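Added example (not part of the original report and not FreeBSD's code): a userland comparison of the two mask expressions quoted in the report, run over every combination of the four allowed policy flags. The flag values are assumed to match bsm/audit.h and are defined locally; check_correct, check_misplaced and count_rejected are hypothetical names.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed to match bsm/audit.h; defined locally so this builds anywhere. */
#define AUDIT_CNT  0x0001
#define AUDIT_AHLT 0x0002
#define AUDIT_ARGV 0x0004
#define AUDIT_ARGE 0x0008

/* Intended check: reject any bit outside the four allowed flags. */
int check_correct(uint64_t policy)
{
        if (policy & ~(AUDIT_CNT|AUDIT_AHLT|AUDIT_ARGV|AUDIT_ARGE))
                return (EINVAL);
        return (0);
}

/* Check as quoted for the au_policy64 case: '~' binds only to AUDIT_CNT,
 * so the mask is every bit except bit 0. */
int check_misplaced(uint64_t policy)
{
        if (policy & (~AUDIT_CNT|AUDIT_AHLT|AUDIT_ARGV|AUDIT_ARGE))
                return (EINVAL);
        return (0);
}

/* Count how many of the 16 legitimate flag combinations a check rejects. */
int count_rejected(int (*check)(uint64_t))
{
        int rejected = 0;
        for (uint64_t p = 0; p <= 0xF; p++)
                if (check(p) == EINVAL)
                        rejected++;
        return (rejected);
}

int main(void)
{
        for (uint64_t p = 0; p <= 0xF; p++)
                printf("policy 0x%x: correct=%s misplaced=%s\n", (unsigned)p,
                    check_correct(p) ? "EINVAL" : "ok",
                    check_misplaced(p) ? "EINVAL" : "ok");
        printf("rejected valid combinations: correct=%d misplaced=%d\n",
            count_rejected(check_correct), count_rejected(check_misplaced));
        return (0);
}
```

With the misplaced form, any policy that has AUDIT_AHLT, AUDIT_ARGV or AUDIT_ARGE set is rejected, so writing back an unchanged policy fails on a system that uses those flags.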