• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
BSM argument bug?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

BSM argument bug?

  • Subject: BSM argument bug?
  • From: Todd Heberlein <email@hidden>
  • Date: Fri, 8 Jun 2007 10:09:02 -0700
I don't know if the Darwin-kernel is the right location for question/ observations about the BSM auditing in Mac OS X (10.4.9 for PowerPC), but I couldn't find a more appropriate list.

There might be a bug in the generation of ioctl() audit records in some instances. The argument descriptors are out of order (from what is specified in the Sun document for AUE_IOCTL), and two different arguments are listed as "argument 1":


header,103,1,ioctl(2),0,Wed May 30 09:39:31 2007, + 11 msec
argument,2,0x8004667e,cmd
argument,1,0xbfffef40,arg
argument,1,0x8,fd
subject,heberlei,heberlei,staff,heberlei,staff,270,76,50331650,0.0.0.0
return,success,0
trailer,103


Is this a bug, or have I misinterpreted the specifications again?


Thanks,

Todd

PS. If there is a more appropriate location to post questions/ observations about BSM auditing, please let me know.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Prev by Date: Re: Newbie question - missing vop* structures/functions in sys/vnode.h on 10.4
  • Next by Date: Log of deleted files
  • Previous by thread: Re: Newbie question - missing vop* structures/functions in sys/vnode.h on 10.4
  • Next by thread: Log of deleted files
  • Index(es):
    • Date
    • Thread