On Thu, Jul 18, 2019 at 04:13:10PM +0200, Alexander Bluhm wrote:
> $ lastcomm | grep -e '-[A-Z]U'
> pflogd     -FU     root    __         0.00 secs Thu Jul 18 14:19 (2:33:22.00)

Oops, I have forgotten to show the userland part of my diff.

Do we want unveil violators in the daily mail?  We can turn it off
if we get too many false positives.

ok?

bluhm

Index: etc/daily
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/etc/daily,v
retrieving revision 1.91
diff -u -p -r1.91 daily
--- etc/daily   6 Feb 2018 19:57:37 -0000       1.91
+++ etc/daily   25 Jul 2019 09:56:20 -0000
@@ -74,7 +74,7 @@ if [ -f /var/account/acct ]; then
                mv -f /var/account/acct.0 /var/account/acct.1
        cp -f /var/account/acct /var/account/acct.0
        sa -sq
-       lastcomm -f /var/account/acct.0 | grep -e ' -[A-Z]*[PT]'
+       lastcomm -f /var/account/acct.0 | grep -e ' -[A-Z]*[PTU]'
 fi

 # If ROOTBACKUP is set to 1 in the environment, and
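
Review bot: The grep pattern ' -[A-Z]*[PTU]' on the changed lastcomm line is not tied to the flags column, so it matches any accounting line that contains a space, a dash and capitals including P, T or U anywhere, for example in a command name. Since U is expected to be noisier than P and T (the mail itself anticipates false positives), consider matching the flags field specifically, and consider printing a short heading before the output so the reader of the daily mail knows these are pledge, trap and unveil events.
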
Index: usr.bin/lastcomm/lastcomm.1
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/usr.bin/lastcomm/lastcomm.1,v
retrieving revision 1.19
diff -u -p -r1.19 lastcomm.1
--- usr.bin/lastcomm/lastcomm.1 27 Feb 2018 07:58:29 -0000      1.19
+++ usr.bin/lastcomm/lastcomm.1 25 Jul 2019 09:42:15 -0000
@@ -115,10 +115,13 @@ indicates the command was terminated wit
 .Sq P
 indicates the command was terminated due to a
 .Xr pledge 2
-violation, and
+violation,
 .Sq T
 indicates the command did a memory access violation detected by a
-processor trap.
+processor trap, and
+.Sq U
+indicates the command tried a file access that was prevented by
+.Xr unveil 2 .
 .Sh FILES
 .Bl -tag -width /var/account/acct -compact
 .It Pa /var/account/acct
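
Review bot: The new .Sq U entry says the file access "was prevented", while the .Sq P entry above it says the command "was terminated"; now that etc/daily reports P, T and U together, the text should make that difference explicit. A reader of the daily mail will otherwise assume a U line means the process was killed, so a half sentence stating whether the command kept running after the refused access would help.
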
Index: usr.bin/lastcomm/lastcomm.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/usr.bin/lastcomm/lastcomm.c,v
retrieving revision 1.27
diff -u -p -r1.27 lastcomm.c
--- usr.bin/lastcomm/lastcomm.c 27 Feb 2018 07:58:29 -0000      1.27
+++ usr.bin/lastcomm/lastcomm.c 25 Jul 2019 09:41:34 -0000
@@ -174,6 +174,7 @@ flagbits(int f)
        BIT(AXSIG, 'X');
        BIT(APLEDGE, 'P');
        BIT(ATRAP, 'T');
+       BIT(AUNVEIL, 'U');
        *p = '\0';
        return (flags);
 }
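
Review bot: In flagbits(), BIT(AUNVEIL, 'U') adds one more character that can be written before "*p = '\0'", and the declaration of the buffer behind "flags" is outside this hunk, so please confirm its size still covers every flag plus the terminator. AUNVEIL is also not defined in any hunk of this mail, so this file only builds together with the header change from the kernel part of the diff; the two should be committed together.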
