Implied vnode accesses for system calls such as execve(2)

cadets / freebsd-old

FreeBSD src tree http://www.FreeBSD.org/

Other

12 stars 7 forks source link

Implied vnode accesses for system calls such as execve(2) #43

Open rwatson opened 8 years ago

rwatson commented 8 years ago

While explicit vnode arguments to system calls are audited, there are cases where file access may happen implicitly for certain system calls (e.g., rtld use in execve(2)). This task is to review those cases, and ponder an audit strategy for them.

arunthomas commented 7 years ago

@rwatson, is this complete? I believe you do pass on rtld info on now.

rwatson commented 7 years ago

This is semi-complete. We need to more thoroughly review behaviour with respect to rtld, interpreters, scripts, etc, and may require an additional entry in the audit structure if all three are in use. So we should probably leave the issue open for now.