To: FreeBSD-tech-jp@jp.freebsd.org
From: KATO Takenori <kato@ganko.eps.nagoya-u.ac.jp>
Message-Id: <19980610134420I.kato@gneiss.eps.nagoya-u.ac.jp>
Date: Wed, 10 Jun 1998 13:44:20 +0900
Subject: [FreeBSD-tech-jp 1517] logging root execve

This is Kato from Nagoya University, petrology and mineralogy. How about a patch like this?

Q. root$B8"8B$G%W%m%0%i%`$,<B9T$5$l$?$H$-$N%m%0$r$H$j$?$$$N$G$9$,$I$&$7(B
   $B$?$i$h$$$G$7$g$&$+!)(B

A. $B0J2<$N%Q%C%A$r$"$F$F%+!<%M%k$r:F9=C[$7$F$/$@$5$$!%(B
	sysctl -w log_root_exec=1
   $B$r<B9T$9$k$H!$(Broot$B8"8B$G%W%m%0%i%`$,<B9T$5$l$k$H5-O?$,;D$j$^$9!%(B

---------- BEGIN ----------
*** kern_exec.c.orig	Wed Jun 10 01:26:56 1998
--- kern_exec.c	Wed Jun 10 01:27:02 1998
***************
*** 75,80 ****
--- 75,84 ----
  static caddr_t usrstack = (caddr_t)USRSTACK;
  SYSCTL_INT(_kern, KERN_USRSTACK, usrstack, 0, &usrstack, 0, "");
  
+ static	int log_root_exec = 0;
+ SYSCTL_INT(_kern, OID_AUTO, log_root_exec, CTLFLAG_RW,
+     &log_root_exec, 0, "");
+ 
  /*
   * execsw_set is constructed for us by the linker.  Each of the items
   * is a pointer to a `const struct execsw', hence the double pointer here.
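
Review bot: The SYSCTL_INT for log_root_exec is registered under _kern with an empty description string, so the knob is undocumented and its full name is kern.log_root_exec rather than the bare log_root_exec used in the sysctl command in the message. Give it a short description of what it enables. Because it is CTLFLAG_RW, any root process can also set it back to 0 and nothing in this patch records that; consider logging each change of the value so that a gap in the audit trail is itself visible.
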
***************
*** 105,110 ****
--- 109,115 ----
  	struct image_params image_params, *imgp;
  	struct vattr attr;
  	struct buf *bp = NULL;
+ 	char	*stringp;
  
  	imgp = &image_params;
  
***************
*** 330,335 ****
--- 335,351 ----
  	 */
  	p->p_cred->p_svuid = p->p_ucred->cr_uid;
  	p->p_cred->p_svgid = p->p_ucred->cr_gid;
+ 
+ 	if (log_root_exec && p->p_cred->pc_ucred->cr_uid == 0) {
+ 		log(LOG_NOTICE, "ROOT exec ");
+ 		for (i = 0, stringp = imgp->stringbase;
+ 		    i < 20 && i < imgp->argc; i++) {
+ 			log(LOG_NOTICE, "%s ", stringp);
+ 			while (*stringp++);
+ 		}
+ 		log(LOG_NOTICE, "\n");
+ 	}
+ 
  
  	/*
  	 * Store the vp for use in procfs
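
Review bot: The argument strings in the new block after the p_svgid assignment are passed to log() verbatim with "%s ", so an argument containing a newline or other control characters can split or forge entries in the log, and anything sensitive given on a command line is copied into it. Escape non-printable bytes and bound the length of each argument before logging. The entry is also assembled from several separate log() calls, so it is not written as one unit and other kernel messages can land in the middle of it; build it in a local buffer and emit it with a single call. Smaller points: i is used as the loop counter but this patch adds no declaration for it, so confirm that execve() already has one; the 20-argument cap truncates silently, so mark a truncated entry; the test reads p->p_cred->pc_ucred->cr_uid where the surrounding lines use p->p_ucred->cr_uid; the entry carries neither pid nor real uid, so it cannot be tied to the invoking user; and the hunk leaves two consecutive blank lines after the new block.
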
---------- END ----------

Incidentally, if you do not think carefully about what will happen before you run it, the result will be dramatic.

-----------------------------------------------+--------------------------+
Kato Takenori <kato@ganko.eps.nagoya-u.ac.jp>  |        FreeBSD           |
Dept. Earth Planet. Sci, Nagoya Univ.          |    The power to serve!   |
Nagoya, 464-8602, Japan                        |  http://www.FreeBSD.org/ |
++++ FreeBSD(98) 2.2.6: Rev. 02 available!     +==========================+
