|
Description
|
xxxxx@xxxxx.com 2008-July-09
The changes for:
6680957 labelsys appears to be making policy decisions, but doesn't appear
to be auditable
putback to snv_91 could be tidied up in a few places.
$SRC/uts/common/c2/audit_start.c
* The aui_labelsys() returns an au_event_t however the current code does
the following:
2599 if (cmd == TNDB_GET)
2600 return (NULL);
We should return AUE_NULL here since it is an audit event and it would
be consistent with code later in the routine:
2612 default:
2613 e = AUE_NULL;
2614 break;
2615 }
2616
2617 return (e);
* The lint directive ARGSUSED is not needed before the aus_labelsys()
function definition since the "tad" argument is used in the function.
2621 /*ARGSUSED*/
2622 static void
2623 aus_labelsys(struct t_audit_data *tad)
2624 {
[...]
2638 switch (tad->tad_event) {
* The aus_labelsys() AUE_LABELSYS_TNRHTP code could make sure that the
template name doesn't exceed TNTNAMSIZ to avoid any potential integer
overflow problems in au_to_text().
2684 tpent = kmem_alloc(sizeof (tsol_tpent_t), KM_SLEEP);
2685 if (copyin((caddr_t)a2, tpent, sizeof (tsol_tpent_t))) {
2686 kmem_free(tpent, sizeof (tsol_tpent_t));
2687 return;
2688 }
2689
2690 au_uwrite(au_to_text(tpent->name));
Since it is only the "name" structure element of tsol_tpent_t which is
needed here that could be the only thing copied in using copyinstr()
rather than the entire structure.
Thanks to Paul M. Roberts and William Roche for pointing these items out.
.
In addition to the above, I noticed that audit_start(), which calls aui_labelsys()
above, check for a return of NULL rather than AUE_NULL. This too should be made
consistent as part of this bug.
|
