| Summary: | Misplaced negation symbol in auditon(2)'s A_SETPOLICY cmd option | ||
|---|---|---|---|
| Product: | Base System | Reporter: | Aniket Pandey <aniketp> |
| Component: | kern | Assignee: | freebsd-bugs (Nobody) <bugs> |
| Status: | New --- | ||
| Severity: | Affects Some People | CC: | asomers, cem |
| Priority: | --- | ||
| Version: | CURRENT | ||
| Hardware: | Any | ||
| OS: | Any | ||
The system code for auditon(2)'s A_{GET/SET}POLICY command confirms whether user submitted only the allowed values for A_{SET/GET}POLICY by the following method: if (udata.au_policy & ~(AUDIT_CNT|AUDIT_AHLT|AUDIT_ARGV|AUDIT_ARGE)) return (EINVAL); That is: If a bit other than the 4 mentioned above is submitted, we'll get EINVAL. However, The negation bit is misplaced for "udata.au_policy64" case: if (udata.au_policy & (~AUDIT_CNT|AUDIT_AHLT|AUDIT_ARGV|AUDIT_ARGE)) return (EINVAL); This returns EINVAL almost everytime. The only occasion when I got a success was passing 0 as the flags, which is not recommended if the system already has some of the flags set. TEST PLAN: ======== Try this piece of code. If your system has any of the flags set, you'll probably get EINVAL too. #include <bsm/audit.h> #include <stdio.h> void main(){ int auditpolicy; auditon(A_GETPOLICY, &auditpolicy, sizeof(&auditpolicy)); printf("retrieved policy = %d\n", auditpolicy); int retval = auditon(A_SETPOLICY, &auditpolicy, sizeof(&auditpolicy)); if (retval < 0) perror("setpolicy"); } Fix: review D16222