From 6d5107b8266f06e6fdf6daf2ffc8191dbe171466 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Thu, 17 Jun 2010 10:05:01 -0700 Subject: Remove AUDIT_SHELL option The concept of logging shell commands through audit subsystem is not useful because it is too hard to configure, requires special privledges, doesn't handle background commands, and is missing the necessary information... --- Makefile.in | 2 -- config-bot.h | 5 ----- config.h.in | 5 ----- configure | 15 ++------------- configure.in | 6 ------ debian/control | 6 ++---- debian/rules | 1 - doc/bash.1 | 17 ----------------- eval.c | 56 ++------------------------------------------------------ externs.h | 4 ---- flags.c | 6 ------ flags.h | 4 ---- shell.c | 30 ------------------------------ 13 files changed, 6 insertions(+), 151 deletions(-) diff --git a/Makefile.in b/Makefile.in index f792c37..421458f 100644 --- a/Makefile.in +++ b/Makefile.in @@ -365,8 +365,6 @@ MALLOC_LIBRARY = @MALLOC_LIBRARY@ MALLOC_LDFLAGS = @MALLOC_LDFLAGS@ MALLOC_DEP = @MALLOC_DEP@ -AUDIT_LIB = @AUDIT_LIB@ - ALLOC_HEADERS = $(ALLOC_LIBSRC)/getpagesize.h $(ALLOC_LIBSRC)/shmalloc.h \ $(ALLOC_LIBSRC)/imalloc.h $(ALLOC_LIBSRC)/mstats.h \ $(ALLOC_LIBSRC)/table.h $(ALLOC_LIBSRC)/watch.h diff --git a/config-bot.h b/config-bot.h index aca6578..ffa393b 100644 --- a/config-bot.h +++ b/config-bot.h @@ -97,11 +97,6 @@ # define RESTRICTED_SHELL_NAME "rbash" #endif -/* If the shell is called by this name, it will become audited. */ -#if defined (AUDIT_SHELL) -# define AUDIT_SHELL_NAME "vbash" -#endif - /***********************************************************/ /* Make sure feature defines have necessary prerequisites. */ /***********************************************************/ diff --git a/config.h.in b/config.h.in index e1846a8..0ae1f1c 100644 --- a/config.h.in +++ b/config.h.in @@ -81,11 +81,6 @@ flag. */ #undef RESTRICTED_SHELL -/* Define AUDIT_SHELL if you want the generated shell to audit all - actions performed by root account. The shell thus generated can become - audited by being run with the name "vbash". */ -#undef AUDIT_SHELL - /* Define DISABLED_BUILTINS if you want "builtin foo" to always run the shell builtin "foo", even if it has been disabled with "enable -n foo". */ #undef DISABLED_BUILTINS diff --git a/configure b/configure index 9e31790..5cfe42d 100755 --- a/configure +++ b/configure @@ -678,7 +678,6 @@ HELPDIR HELPDIRDEFINE HELPINSTALL HELPSTRINGS -AUDIT_LIB CC CFLAGS LDFLAGS @@ -2467,13 +2466,6 @@ cat >>confdefs.h <<\_ACEOF #define RESTRICTED_SHELL 1 _ACEOF -fi -if test $opt_audit = yes; then -cat >>confdefs.h <<\_ACEOF -#define AUDIT_SHELL 1 -_ACEOF - -AUDIT_LIB='-laudit' fi if test $opt_process_subst = yes; then cat >>confdefs.h <<\_ACEOF @@ -2635,8 +2627,6 @@ fi - - echo "" echo "Beginning configuration for bash-$BASHVERS-$RELSTATUS for ${host_cpu}-${host_vendor}-${host_os}" echo "" @@ -28375,7 +28365,6 @@ HELPDIR!$HELPDIR$ac_delim HELPDIRDEFINE!$HELPDIRDEFINE$ac_delim HELPINSTALL!$HELPINSTALL$ac_delim HELPSTRINGS!$HELPSTRINGS$ac_delim -AUDIT_LIB!$AUDIT_LIB$ac_delim CC!$CC$ac_delim CFLAGS!$CFLAGS$ac_delim LDFLAGS!$LDFLAGS$ac_delim @@ -28412,6 +28401,7 @@ INSTALL_DATA!$INSTALL_DATA$ac_delim AR!$AR$ac_delim RANLIB!$RANLIB$ac_delim YACC!$YACC$ac_delim +YFLAGS!$YFLAGS$ac_delim _ACEOF if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then @@ -28453,7 +28443,6 @@ _ACEOF ac_delim='%!_!# ' for ac_last_try in false false false false false :; do cat >conf$$subs.sed <<_ACEOF -YFLAGS!$YFLAGS$ac_delim SET_MAKE!$SET_MAKE$ac_delim MAKE_SHELL!$MAKE_SHELL$ac_delim SIZE!$SIZE$ac_delim @@ -28510,7 +28499,7 @@ LOCAL_DEFS!$LOCAL_DEFS$ac_delim LTLIBOBJS!$LTLIBOBJS$ac_delim _ACEOF - if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 55; then + if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 54; then break elif $ac_last_try; then { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 diff --git a/configure.in b/configure.in index 9807f68..7c1aac2 100644 --- a/configure.in +++ b/configure.in @@ -256,10 +256,6 @@ fi if test $opt_restricted = yes; then AC_DEFINE(RESTRICTED_SHELL) fi -if test $opt_audit = yes; then -AC_DEFINE(AUDIT_SHELL) -AUDIT_LIB='-laudit' -fi if test $opt_process_subst = yes; then AC_DEFINE(PROCESS_SUBSTITUTION) fi @@ -361,8 +357,6 @@ AC_SUBST(HELPDIRDEFINE) AC_SUBST(HELPINSTALL) AC_SUBST(HELPSTRINGS) -AC_SUBST(AUDIT_LIB) - echo "" echo "Beginning configuration for bash-$BASHVERS-$RELSTATUS for ${host_cpu}-${host_vendor}-${host_os}" echo "" diff --git a/debian/control b/debian/control index ad32344..5efa3fe 100644 --- a/debian/control +++ b/debian/control @@ -4,15 +4,13 @@ Priority: optional Maintainer: Vyatta Package Maintainers Standards-Version: 3.6.2 Build-Depends: autoconf, patch, bison, libncurses5-dev, texinfo, autotools-dev, - debhelper (>= 4.1), texi2html, locales, libaudit-dev + debhelper (>= 4.1), texi2html, locales Build-Depends-Indep: tetex-bin Package: vyatta-bash Architecture: any Pre-Depends: ${shlibs:Pre-Depends} -Depends: base-files (>= 2.1.12), debianutils (>= 2.15), - bash (>= 3.1), libaudit0 -Suggests: auditd +Depends: base-files (>= 2.1.12), debianutils (>= 2.15), bash (>= 3.1) Section: shells Priority: optional Description: The Vyatta Shell based on GNU bash diff --git a/debian/rules b/debian/rules index 95f95bf..0ff2789 100755 --- a/debian/rules +++ b/debian/rules @@ -43,7 +43,6 @@ d = debian/$(p) conf_args = \ --with-curses \ --disable-net-redirections \ - --enable-audit \ --enable-largefile \ --prefix=/usr \ --infodir=/usr/share/info \ diff --git a/doc/bash.1 b/doc/bash.1 index 8cc22b8..fe0dba0 100644 --- a/doc/bash.1 +++ b/doc/bash.1 @@ -155,12 +155,6 @@ single-character options to be recognized. .PP .PD 0 .TP -.B \-\-audit -The shell logs all commands run by the root user (see -.SM -.B "AUDIT SHELL" -below). -.TP .B \-\-debugger Arrange for the debugger profile to be executed before the shell starts. @@ -8802,17 +8796,6 @@ turns off any restrictions in the shell spawned to execute the script. .\" end of rbash.1 .if \n(zY=1 .ig zY -.SH "AUDIT SHELL" -.zY -.PP -If -.B bash -is started with the name -.BR aubash , -or the -.B \-\-audit -option is supplied at invocation, the shell logs all commands issued by the root user to the audit system. -.if \n(zY=1 .ig zY .SH "SEE ALSO" .PD 0 .TP diff --git a/eval.c b/eval.c index 8c8d39c..293d177 100644 --- a/eval.c +++ b/eval.c @@ -45,12 +45,6 @@ # include "bashhist.h" #endif -#if defined (AUDIT_SHELL) -# include "filecntl.h" -# include -# include -#endif - extern int EOF_reached; extern int indirection_level; extern int posixly_correct; @@ -68,51 +62,13 @@ extern char *current_readline_line; extern int current_readline_line_index; #endif -#if defined (AUDIT_SHELL) -static int audit_fd = -1; -static char *audit_tty; - -static int -audit_start () -{ - if (audit_fd < 0) - { - audit_fd = audit_open (); - if (audit_fd < 0) - { - if (errno != EINVAL && errno != EPROTONOSUPPORT - && errno != EAFNOSUPPORT) - return -1; - } - else - SET_CLOSE_ON_EXEC(audit_fd); - } - - if (audit_tty == NULL) - { - char *tty = ttyname(fileno(stdin)); - if (tty) - audit_tty = strdup(tty); - } - - return 0; -} - -static void -audit (result) - int result; -{ - audit_log_user_command (audit_fd, AUDIT_USER_CMD, current_readline_line, - audit_tty, result == EXECUTION_SUCCESS); -} -#endif /* Read and execute commands until EOF is reached. This assumes that the input source has already been initialized. */ int reader_loop () { - int our_indirection_level, result; + int our_indirection_level; COMMAND * volatile current_command; current_command = (COMMAND *)NULL; @@ -120,11 +76,6 @@ reader_loop () our_indirection_level = ++indirection_level; -#if defined (AUDIT_SHELL) - if (audited && interactive_shell && audit_start () < 0) - return EXECUTION_FAILURE; -#endif - while (EOF_Reached == 0) { int code; @@ -200,10 +151,7 @@ reader_loop () executing = 1; stdin_redir = 0; - result = execute_command (current_command); -#if defined (AUDIT_SHELL) - audit (result); -#endif + execute_command (current_command); exec_done: QUIT; diff --git a/externs.h b/externs.h index f60d354..bc28eda 100644 --- a/externs.h +++ b/externs.h @@ -77,10 +77,6 @@ extern int shell_is_restricted __P((char *)); extern int maybe_make_restricted __P((char *)); #endif -#if defined (AUDIT_SHELL) -extern int maybe_make_audited __P((char *)); -#endif - extern void unset_bash_input __P((int)); extern void get_current_user_info __P((void)); diff --git a/flags.c b/flags.c index e50d6dc..0c0868b 100644 --- a/flags.c +++ b/flags.c @@ -142,12 +142,6 @@ int restricted = 0; /* currently restricted */ int restricted_shell = 0; /* shell was started in restricted mode. */ #endif /* RESTRICTED_SHELL */ -#if defined (AUDIT_SHELL) -/* Non-zero means that this shell is audited. An audited shell records - each command that the root user executes. */ -int audited = 0; /* shell was started in audit mode. */ -#endif /* AUDIT_SHELL */ - /* Non-zero means that this shell is running in `privileged' mode. This is required if the shell is to run setuid. If the `-p' option is not supplied at startup, and the real and effective uids or gids diff --git a/flags.h b/flags.h index 1ee63c8..f16e604 100644 --- a/flags.h +++ b/flags.h @@ -66,10 +66,6 @@ extern int restricted; extern int restricted_shell; #endif /* RESTRICTED_SHELL */ -#if defined (AUDIT_SHELL) -extern int audited; -#endif /* AUDIT_SHELL */ - extern int *find_flag __P((int)); extern int change_flag __P((int, int)); extern char *which_set_flags __P((void)); diff --git a/shell.c b/shell.c index 9836035..1aac510 100644 --- a/shell.c +++ b/shell.c @@ -235,9 +235,6 @@ struct { { "rcfile", Charp, (int *)0x0, &bashrc_file }, #if defined (RESTRICTED_SHELL) { "restricted", Int, &restricted, (char **)0x0 }, -#endif -#if defined (AUDIT_SHELL) - { "audit", Int, &audited, (char **)0x0 }, #endif { "verbose", Int, &echo_input_at_read, (char **)0x0 }, { "version", Int, &do_version, (char **)0x0 }, @@ -637,10 +634,6 @@ main (argc, argv, env) maybe_make_restricted (shell_name); #endif /* RESTRICTED_SHELL */ -#if defined (AUDIT_SHELL) - maybe_make_audited (shell_name); -#endif - if (wordexp_only) { startup_state = 3; @@ -1140,29 +1133,6 @@ maybe_make_restricted (name) } #endif /* RESTRICTED_SHELL */ -#if defined (AUDIT_SHELL) -/* Perhaps make this shell an `audited' one, based on NAME. If the - basename of NAME is "vbash", then this shell is audited. The - name of the audited shell is a configurable option, see config.h. - In an audited shell, all actions performed by root will be logged - to the audit system. - Do this also if `audited' is already set to 1 maybe the shell was - started with --audit. */ -int -maybe_make_audited (name) - char *name; -{ - char *temp; - - temp = base_pathname (name); - if (*temp == '-') - temp++; - if (audited || (STREQ (temp, AUDIT_SHELL_NAME))) - audited = 1; - return (audited); -} -#endif /* AUDIT_SHELL */ - /* Fetch the current set of uids and gids and return 1 if we're running setuid or setgid. */ static int -- cgit v1.2.3 From 70cf5bebe6902411c3ec4ea38990ea49ce0b948a Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Thu, 17 Jun 2010 10:17:47 -0700 Subject: 3.2-4-vyatta-2 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 1ad2212..98c31e3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +vyatta-bash (3.2-4-vyatta-2) unstable; urgency=low + + * Remove AUDIT_SHELL option + + -- Stephen Hemminger Thu, 17 Jun 2010 10:17:47 -0700 + vyatta-bash (3.2-4-vyatta-1) unstable; urgency=low * Don't remove vbash from /etc/shells during upgrade -- cgit v1.2.3