From 7514f4f6254f4a2d13ea8e5632a8e5f22b637e0b Mon Sep 17 00:00:00 2001 From: Saiyang Gou Date: Wed, 12 Feb 2020 23:47:42 -0800 Subject: [PATCH] bpo-39184: Add audit events to functions in `fcntl`, `msvcrt`, `os`, `resource`, `shutil`, `signal`, `syslog` (GH-18407) --- Doc/library/fcntl.rst | 8 + Doc/library/msvcrt.rst | 6 + Doc/library/os.rst | 68 ++++++++ Doc/library/resource.rst | 5 + Doc/library/shutil.rst | 20 +++ Doc/library/signal.rst | 2 + Doc/library/syslog.rst | 8 + Lib/shutil.py | 10 ++ .../2020-02-07-23-54-18.bpo-39184.v-ue-v.rst | 1 + Modules/fcntlmodule.c | 18 +++ Modules/posixmodule.c | 151 ++++++++++++++++-- Modules/resource.c | 10 ++ Modules/signalmodule.c | 4 + Modules/syslogmodule.c | 14 ++ PC/msvcrtmodule.c | 12 ++ 15 files changed, 320 insertions(+), 17 deletions(-) create mode 100644 Misc/NEWS.d/next/Security/2020-02-07-23-54-18.bpo-39184.v-ue-v.rst diff --git a/Doc/library/fcntl.rst b/Doc/library/fcntl.rst index 5c172b836ac..07a15d27216 100644 --- a/Doc/library/fcntl.rst +++ b/Doc/library/fcntl.rst @@ -63,6 +63,8 @@ The module defines the following functions: If the :c:func:`fcntl` fails, an :exc:`OSError` is raised. + .. audit-event:: fcntl.fcntl fd,cmd,arg fcntl.fcntl + .. function:: ioctl(fd, request, arg=0, mutate_flag=True) @@ -112,6 +114,8 @@ The module defines the following functions: >>> buf array('h', [13341]) + .. audit-event:: fcntl.ioctl fd,request,arg fcntl.ioctl + .. function:: flock(fd, operation) @@ -122,6 +126,8 @@ The module defines the following functions: If the :c:func:`flock` fails, an :exc:`OSError` exception is raised. + .. audit-event:: fcntl.flock fd,operation fcntl.flock + .. function:: lockf(fd, cmd, len=0, start=0, whence=0) @@ -155,6 +161,8 @@ The module defines the following functions: The default for *len* is 0 which means to lock to the end of the file. The default for *whence* is also 0. + .. audit-event:: fcntl.lockf fd,cmd,len,start,whence fcntl.lockf + Examples (all on a SVR4 compliant system):: import struct, fcntl, os diff --git a/Doc/library/msvcrt.rst b/Doc/library/msvcrt.rst index 14ad2cd4373..42fffee6a0f 100644 --- a/Doc/library/msvcrt.rst +++ b/Doc/library/msvcrt.rst @@ -42,6 +42,8 @@ File Operations regions in a file may be locked at the same time, but may not overlap. Adjacent regions are not merged; they must be unlocked individually. + .. audit-event:: msvcrt.locking fd,mode,nbytes msvcrt.locking + .. data:: LK_LOCK LK_RLCK @@ -77,12 +79,16 @@ File Operations and :const:`os.O_TEXT`. The returned file descriptor may be used as a parameter to :func:`os.fdopen` to create a file object. + .. audit-event:: msvcrt.open_osfhandle handle,flags msvcrt.open_osfhandle + .. function:: get_osfhandle(fd) Return the file handle for the file descriptor *fd*. Raises :exc:`OSError` if *fd* is not recognized. + .. audit-event:: msvcrt.get_osfhandle fd msvcrt.get_osfhandle + .. _msvcrt-console: diff --git a/Doc/library/os.rst b/Doc/library/os.rst index b06a318c3d7..af02a373f33 100644 --- a/Doc/library/os.rst +++ b/Doc/library/os.rst @@ -445,6 +445,8 @@ process and user. On some platforms, including FreeBSD and Mac OS X, setting ``environ`` may cause memory leaks. Refer to the system documentation for :c:func:`putenv`. + .. audit-event:: os.putenv key,value os.putenv + .. versionchanged:: 3.9 The function is now always available. @@ -640,6 +642,8 @@ process and user. don't update ``os.environ``, so it is actually preferable to delete items of ``os.environ``. + .. audit-event:: os.unsetenv key os.unsetenv + .. versionchanged:: 3.9 The function is now always available and is also available on Windows. @@ -766,6 +770,8 @@ as internal buffering of data. docs for :func:`chmod` for possible values of *mode*. As of Python 3.3, this is equivalent to ``os.chmod(fd, mode)``. + .. audit-event:: os.chmod path,mode,dir_fd os.fchmod + .. availability:: Unix. @@ -776,6 +782,8 @@ as internal buffering of data. :func:`chown`. As of Python 3.3, this is equivalent to ``os.chown(fd, uid, gid)``. + .. audit-event:: os.chown path,uid,gid,dir_fd os.fchown + .. availability:: Unix. @@ -883,6 +891,8 @@ as internal buffering of data. :data:`F_ULOCK` or :data:`F_TEST`. *len* specifies the section of the file to lock. + .. audit-event:: os.lockf fd,cmd,len os.lockf + .. availability:: Unix. .. versionadded:: 3.3 @@ -1603,6 +1613,8 @@ features: This function can raise :exc:`OSError` and subclasses such as :exc:`FileNotFoundError`, :exc:`PermissionError`, and :exc:`NotADirectoryError`. + .. audit-event:: os.chdir path os.chdir + .. versionadded:: 3.3 Added support for specifying *path* as a file descriptor on some platforms. @@ -1631,6 +1643,8 @@ features: This function can support :ref:`not following symlinks `. + .. audit-event:: os.chflags path,flags os.chflags + .. availability:: Unix. .. versionadded:: 3.3 @@ -1676,6 +1690,8 @@ features: read-only flag with it (via the ``stat.S_IWRITE`` and ``stat.S_IREAD`` constants or a corresponding integer value). All other bits are ignored. + .. audit-event:: os.chmod path,mode,dir_fd os.chmod + .. versionadded:: 3.3 Added support for specifying *path* as an open file descriptor, and the *dir_fd* and *follow_symlinks* arguments. @@ -1696,6 +1712,8 @@ features: See :func:`shutil.chown` for a higher-level function that accepts names in addition to numeric ids. + .. audit-event:: os.chown path,uid,gid,dir_fd os.chown + .. availability:: Unix. .. versionadded:: 3.3 @@ -1722,6 +1740,8 @@ features: descriptor *fd*. The descriptor must refer to an opened directory, not an open file. As of Python 3.3, this is equivalent to ``os.chdir(fd)``. + .. audit-event:: os.chdir path os.fchdir + .. availability:: Unix. @@ -1746,6 +1766,8 @@ features: not follow symbolic links. As of Python 3.3, this is equivalent to ``os.chflags(path, flags, follow_symlinks=False)``. + .. audit-event:: os.chflags path,flags os.lchflags + .. availability:: Unix. .. versionchanged:: 3.6 @@ -1759,6 +1781,8 @@ features: for possible values of *mode*. As of Python 3.3, this is equivalent to ``os.chmod(path, mode, follow_symlinks=False)``. + .. audit-event:: os.chmod path,mode,dir_fd os.lchmod + .. availability:: Unix. .. versionchanged:: 3.6 @@ -1770,6 +1794,8 @@ features: function will not follow symbolic links. As of Python 3.3, this is equivalent to ``os.chown(path, uid, gid, follow_symlinks=False)``. + .. audit-event:: os.chown path,uid,gid,dir_fd os.lchown + .. availability:: Unix. .. versionchanged:: 3.6 @@ -1784,6 +1810,8 @@ features: supply :ref:`paths relative to directory descriptors `, and :ref:`not following symlinks `. + .. audit-event:: os.link src,dst,src_dir_fd,dst_dir_fd os.link + .. availability:: Unix, Windows. .. versionchanged:: 3.2 @@ -1886,6 +1914,8 @@ features: It is also possible to create temporary directories; see the :mod:`tempfile` module's :func:`tempfile.mkdtemp` function. + .. audit-event:: os.mkdir path,mode,dir_fd os.mkdir + .. versionadded:: 3.3 The *dir_fd* argument. @@ -1918,6 +1948,8 @@ features: This function handles UNC paths correctly. + .. audit-event:: os.mkdir path,mode,dir_fd os.makedirs + .. versionadded:: 3.2 The *exist_ok* parameter. @@ -2083,6 +2115,8 @@ features: This function is semantically identical to :func:`unlink`. + .. audit-event:: os.remove path,dir_fd os.remove + .. versionadded:: 3.3 The *dir_fd* argument. @@ -2103,6 +2137,8 @@ features: they are empty. Raises :exc:`OSError` if the leaf directory could not be successfully removed. + .. audit-event:: os.remove path,dir_fd os.removedirs + .. versionchanged:: 3.6 Accepts a :term:`path-like object`. @@ -2128,6 +2164,8 @@ features: If you want cross-platform overwriting of the destination, use :func:`replace`. + .. audit-event:: os.rename src,dst,src_dir_fd,dst_dir_fd os.rename + .. versionadded:: 3.3 The *src_dir_fd* and *dst_dir_fd* arguments. @@ -2147,6 +2185,8 @@ features: This function can fail with the new directory structure made if you lack permissions needed to remove the leaf directory or file. + .. audit-event:: os.rename src,dst,src_dir_fd,dst_dir_fd os.renames + .. versionchanged:: 3.6 Accepts a :term:`path-like object` for *old* and *new*. @@ -2162,6 +2202,8 @@ features: This function can support specifying *src_dir_fd* and/or *dst_dir_fd* to supply :ref:`paths relative to directory descriptors `. + .. audit-event:: os.rename src,dst,src_dir_fd,dst_dir_fd os.replace + .. versionadded:: 3.3 .. versionchanged:: 3.6 @@ -2178,6 +2220,8 @@ features: This function can support :ref:`paths relative to directory descriptors `. + .. audit-event:: os.rmdir path,dir_fd os.rmdir + .. versionadded:: 3.3 The *dir_fd* parameter. @@ -2821,6 +2865,8 @@ features: :exc:`OSError` is raised when the function is called by an unprivileged user. + .. audit-event:: os.symlink src,dst,dir_fd os.symlink + .. availability:: Unix, Windows. .. versionchanged:: 3.2 @@ -2873,6 +2919,8 @@ features: traditional Unix name. Please see the documentation for :func:`remove` for further information. + .. audit-event:: os.remove path,dir_fd os.unlink + .. versionadded:: 3.3 The *dir_fd* parameter. @@ -2910,6 +2958,8 @@ features: :ref:`paths relative to directory descriptors ` and :ref:`not following symlinks `. + .. audit-event:: os.utime path,times,ns,dir_fd os.utime + .. versionadded:: 3.3 Added support for specifying *path* as an open file descriptor, and the *dir_fd*, *follow_symlinks*, and *ns* parameters. @@ -3135,6 +3185,8 @@ These functions are all available on Linux only. This function can support :ref:`specifying a file descriptor ` and :ref:`not following symlinks `. + .. audit-event:: os.getxattr path,attribute os.getxattr + .. versionchanged:: 3.6 Accepts a :term:`path-like object` for *path* and *attribute*. @@ -3149,6 +3201,8 @@ These functions are all available on Linux only. This function can support :ref:`specifying a file descriptor ` and :ref:`not following symlinks `. + .. audit-event:: os.listxattr path os.listxattr + .. versionchanged:: 3.6 Accepts a :term:`path-like object`. @@ -3163,6 +3217,8 @@ These functions are all available on Linux only. This function can support :ref:`specifying a file descriptor ` and :ref:`not following symlinks `. + .. audit-event:: os.removexattr path,attribute os.removexattr + .. versionchanged:: 3.6 Accepts a :term:`path-like object` for *path* and *attribute*. @@ -3186,6 +3242,8 @@ These functions are all available on Linux only. A bug in Linux kernel versions less than 2.6.39 caused the flags argument to be ignored on some filesystems. + .. audit-event:: os.setxattr path,attribute,value,flags os.setxattr + .. versionchanged:: 3.6 Accepts a :term:`path-like object` for *path* and *attribute*. @@ -3248,6 +3306,8 @@ to be ignored. `_ for more information about how DLLs are loaded. + .. audit-event:: os.add_dll_directory path os.add_dll_directory + .. availability:: Windows. .. versionadded:: 3.8 @@ -3480,6 +3540,8 @@ written in Python, such as a mail server's external command delivery program. Note that some platforms including FreeBSD <= 6.3 and Cygwin have known issues when using ``fork()`` from a thread. + .. audit-event:: os.fork "" os.fork + .. versionchanged:: 3.8 Calling ``fork()`` in a subinterpreter is no longer supported (:exc:`RuntimeError` is raised). @@ -3499,6 +3561,8 @@ written in Python, such as a mail server's external command delivery program. master end of the pseudo-terminal. For a more portable approach, use the :mod:`pty` module. If an error occurs :exc:`OSError` is raised. + .. audit-event:: os.forkpty "" os.forkpty + .. versionchanged:: 3.8 Calling ``forkpty()`` in a subinterpreter is no longer supported (:exc:`RuntimeError` is raised). @@ -3525,6 +3589,8 @@ written in Python, such as a mail server's external command delivery program. See also :func:`signal.pthread_kill`. + .. audit-event:: os.kill pid,sig os.kill + .. versionadded:: 3.2 Windows support. @@ -3537,6 +3603,8 @@ written in Python, such as a mail server's external command delivery program. Send the signal *sig* to the process group *pgid*. + .. audit-event:: os.killpg pgid,sig os.killpg + .. availability:: Unix. diff --git a/Doc/library/resource.rst b/Doc/library/resource.rst index 3573da7ea2d..e4eac43642d 100644 --- a/Doc/library/resource.rst +++ b/Doc/library/resource.rst @@ -78,6 +78,9 @@ this module for those platforms. VxWorks only supports setting :data:`RLIMIT_NOFILE`. + .. audit-event:: resource.setrlimit resource,limits resource.setrlimit + + .. function:: prlimit(pid, resource[, limits]) Combines :func:`setrlimit` and :func:`getrlimit` in one function and @@ -94,6 +97,8 @@ this module for those platforms. :exc:`PermissionError` when the user doesn't have ``CAP_SYS_RESOURCE`` for the process. + .. audit-event:: resource.prlimit pid,resource,limits resource.prlimit + .. availability:: Linux 2.6.36 or later with glibc 2.13 or later. .. versionadded:: 3.4 diff --git a/Doc/library/shutil.rst b/Doc/library/shutil.rst index 59390d0e907..c7c63e6f808 100644 --- a/Doc/library/shutil.rst +++ b/Doc/library/shutil.rst @@ -67,6 +67,8 @@ Directory and files operations a new symbolic link will be created instead of copying the file *src* points to. + .. audit-event:: shutil.copyfile src,dst shutil.copyfile + .. versionchanged:: 3.3 :exc:`IOError` used to be raised instead of :exc:`OSError`. Added *follow_symlinks* argument. @@ -101,6 +103,8 @@ Directory and files operations :func:`copymode` cannot modify symbolic links on the local platform, and it is asked to do so, it will do nothing and return. + .. audit-event:: shutil.copymode src,dst shutil.copymode + .. versionchanged:: 3.3 Added *follow_symlinks* argument. @@ -146,6 +150,8 @@ Directory and files operations Please see :data:`os.supports_follow_symlinks` for more information. + .. audit-event:: shutil.copystat src,dst shutil.copystat + .. versionchanged:: 3.3 Added *follow_symlinks* argument and support for Linux extended attributes. @@ -167,6 +173,10 @@ Directory and files operations To preserve all file metadata from the original, use :func:`~shutil.copy2` instead. + .. audit-event:: shutil.copyfile src,dst shutil.copy + + .. audit-event:: shutil.copymode src,dst shutil.copy + .. versionchanged:: 3.3 Added *follow_symlinks* argument. Now returns path to the newly created file. @@ -194,6 +204,10 @@ Directory and files operations Please see :func:`copystat` for more information about platform support for modifying symbolic link metadata. + .. audit-event:: shutil.copyfile src,dst shutil.copy2 + + .. audit-event:: shutil.copystat src,dst shutil.copy2 + .. versionchanged:: 3.3 Added *follow_symlinks* argument, try to copy extended file system attributes too (currently Linux only). @@ -342,6 +356,8 @@ Directory and files operations *copy_function* allows the move to succeed when it is not possible to also copy the metadata, at the expense of not copying any of the metadata. + .. audit-event:: shutil.move src,dst shutil.move + .. versionchanged:: 3.3 Added explicit symlink handling for foreign filesystems, thus adapting it to the behavior of GNU's :program:`mv`. @@ -381,6 +397,8 @@ Directory and files operations See also :func:`os.chown`, the underlying function. + .. audit-event:: shutil.chown path,user,group shutil.chown + .. availability:: Unix. .. versionadded:: 3.3 @@ -632,6 +650,8 @@ provided. They rely on the :mod:`zipfile` and :mod:`tarfile` modules. registered for that extension. In case none is found, a :exc:`ValueError` is raised. + .. audit-event:: shutil.unpack_archive filename,extract_dir,format shutil.unpack_archive + .. versionchanged:: 3.7 Accepts a :term:`path-like object` for *filename* and *extract_dir*. diff --git a/Doc/library/signal.rst b/Doc/library/signal.rst index a79fc501352..8b3ab412bd3 100644 --- a/Doc/library/signal.rst +++ b/Doc/library/signal.rst @@ -277,6 +277,8 @@ The :mod:`signal` module defines the following functions: If *signalnum* is 0, then no signal is sent, but error checking is still performed; this can be used to check if the target thread is still running. + .. audit-event:: signal.pthread_kill thread_id,signalnum signal.pthread_kill + .. availability:: Unix. See the man page :manpage:`pthread_kill(3)` for further information. diff --git a/Doc/library/syslog.rst b/Doc/library/syslog.rst index 7151527ce57..d264a3340c9 100644 --- a/Doc/library/syslog.rst +++ b/Doc/library/syslog.rst @@ -31,6 +31,8 @@ The module defines the following functions: If :func:`openlog` has not been called prior to the call to :func:`syslog`, ``openlog()`` will be called with no arguments. + .. audit-event:: syslog.syslog priority,message syslog.syslog + .. function:: openlog([ident[, logoption[, facility]]]) @@ -45,6 +47,8 @@ The module defines the following functions: keyword argument (default is :const:`LOG_USER`) sets the default facility for messages which do not have a facility explicitly encoded. + .. audit-event:: syslog.openlog ident,logoption,facility syslog.openlog + .. versionchanged:: 3.2 In previous versions, keyword arguments were not allowed, and *ident* was required. The default for *ident* was dependent on the system libraries, @@ -60,6 +64,8 @@ The module defines the following functions: :func:`openlog` hasn't already been called), and *ident* and other :func:`openlog` parameters are reset to defaults. + .. audit-event:: syslog.closelog "" syslog.closelog + .. function:: setlogmask(maskpri) @@ -70,6 +76,8 @@ The module defines the following functions: ``LOG_UPTO(pri)`` calculates the mask for all priorities up to and including *pri*. + .. audit-event:: syslog.setlogmask maskpri syslog.setlogmask + The module defines the following constants: Priority levels (high to low): diff --git a/Lib/shutil.py b/Lib/shutil.py index 9a83a3242ed..a4ce2c0290b 100644 --- a/Lib/shutil.py +++ b/Lib/shutil.py @@ -235,6 +235,8 @@ def copyfile(src, dst, *, follow_symlinks=True): symlink will be created instead of copying the file it points to. """ + sys.audit("shutil.copyfile", src, dst) + if _samefile(src, dst): raise SameFileError("{!r} and {!r} are the same file".format(src, dst)) @@ -289,6 +291,8 @@ def copymode(src, dst, *, follow_symlinks=True): (e.g. Linux) this method does nothing. """ + sys.audit("shutil.copymode", src, dst) + if not follow_symlinks and _islink(src) and os.path.islink(dst): if hasattr(os, 'lchmod'): stat_func, chmod_func = os.lstat, os.lchmod @@ -340,6 +344,8 @@ def copystat(src, dst, *, follow_symlinks=True): If the optional flag `follow_symlinks` is not set, symlinks aren't followed if and only if both `src` and `dst` are symlinks. """ + sys.audit("shutil.copystat", src, dst) + def _nop(*args, ns=None, follow_symlinks=None): pass @@ -778,6 +784,7 @@ def move(src, dst, copy_function=copy2): the issues this implementation glosses over. """ + sys.audit("shutil.move", src, dst) real_dst = dst if os.path.isdir(dst): if _samefile(src, dst): @@ -1208,6 +1215,8 @@ def unpack_archive(filename, extract_dir=None, format=None): In case none is found, a ValueError is raised. """ + sys.audit("shutil.unpack_archive", filename, extract_dir, format) + if extract_dir is None: extract_dir = os.getcwd() @@ -1275,6 +1284,7 @@ def chown(path, user=None, group=None): user and group can be the uid/gid or the user/group names, and in that case, they are converted to their respective uid/gid. """ + sys.audit('shutil.chown', path, user, group) if user is None and group is None: raise ValueError("user and/or group must be set") diff --git a/Misc/NEWS.d/next/Security/2020-02-07-23-54-18.bpo-39184.v-ue-v.rst b/Misc/NEWS.d/next/Security/2020-02-07-23-54-18.bpo-39184.v-ue-v.rst new file mode 100644 index 00000000000..cf25c24d587 --- /dev/null +++ b/Misc/NEWS.d/next/Security/2020-02-07-23-54-18.bpo-39184.v-ue-v.rst @@ -0,0 +1 @@ +Add audit events to functions in `fcntl`, `msvcrt`, `os`, `resource`, `shutil`, `signal` and `syslog`. \ No newline at end of file diff --git a/Modules/fcntlmodule.c b/Modules/fcntlmodule.c index 11906aa5829..43f9b22f672 100644 --- a/Modules/fcntlmodule.c +++ b/Modules/fcntlmodule.c @@ -66,6 +66,10 @@ fcntl_fcntl_impl(PyObject *module, int fd, int code, PyObject *arg) char buf[1024]; int async_err = 0; + if (PySys_Audit("fcntl.fcntl", "iiO", fd, code, arg ? arg : Py_None) < 0) { + return NULL; + } + if (arg != NULL) { int parse_result; @@ -171,6 +175,11 @@ fcntl_ioctl_impl(PyObject *module, int fd, unsigned int code, Py_ssize_t len; char buf[IOCTL_BUFSZ+1]; /* argument plus NUL byte */ + if (PySys_Audit("fcntl.ioctl", "iIO", fd, code, + ob_arg ? ob_arg : Py_None) < 0) { + return NULL; + } + if (ob_arg != NULL) { if (PyArg_Parse(ob_arg, "w*:ioctl", &pstr)) { char *arg; @@ -288,6 +297,10 @@ fcntl_flock_impl(PyObject *module, int fd, int code) int ret; int async_err = 0; + if (PySys_Audit("fcntl.flock", "ii", fd, code) < 0) { + return NULL; + } + #ifdef HAVE_FLOCK do { Py_BEGIN_ALLOW_THREADS @@ -372,6 +385,11 @@ fcntl_lockf_impl(PyObject *module, int fd, int code, PyObject *lenobj, int ret; int async_err = 0; + if (PySys_Audit("fcntl.lockf", "iiOOi", fd, code, lenobj ? lenobj : Py_None, + startobj ? startobj : Py_None, whence) < 0) { + return NULL; + } + #ifndef LOCK_SH #define LOCK_SH 1 /* shared lock */ #define LOCK_EX 2 /* exclusive lock */ diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c index ec3da4fb2fc..4d6d255b346 100644 --- a/Modules/posixmodule.c +++ b/Modules/posixmodule.c @@ -2911,6 +2911,10 @@ os_chdir_impl(PyObject *module, path_t *path) { int result; + if (PySys_Audit("os.chdir", "(O)", path->object) < 0) { + return NULL; + } + Py_BEGIN_ALLOW_THREADS #ifdef MS_WINDOWS /* on unix, success = 0, on windows, success = !0 */ @@ -2950,6 +2954,9 @@ static PyObject * os_fchdir_impl(PyObject *module, int fd) /*[clinic end generated code: output=42e064ec4dc00ab0 input=18e816479a2fa985]*/ { + if (PySys_Audit("os.chdir", "(i)", fd) < 0) { + return NULL; + } return posix_fildes_fd(fd, fchdir); } #endif /* HAVE_FCHDIR */ @@ -3007,6 +3014,11 @@ os_chmod_impl(PyObject *module, path_t *path, int mode, int dir_fd, return NULL; #endif + if (PySys_Audit("os.chmod", "Oii", path->object, mode, + dir_fd == DEFAULT_DIR_FD ? -1 : dir_fd) < 0) { + return NULL; + } + #ifdef MS_WINDOWS Py_BEGIN_ALLOW_THREADS attr = GetFileAttributesW(path->wide); @@ -3103,6 +3115,10 @@ os_fchmod_impl(PyObject *module, int fd, int mode) int res; int async_err = 0; + if (PySys_Audit("os.chmod", "iii", fd, mode, -1) < 0) { + return NULL; + } + do { Py_BEGIN_ALLOW_THREADS res = fchmod(fd, mode); @@ -3134,6 +3150,9 @@ os_lchmod_impl(PyObject *module, path_t *path, int mode) /*[clinic end generated code: output=082344022b51a1d5 input=90c5663c7465d24f]*/ { int res; + if (PySys_Audit("os.chmod", "Oii", path->object, mode, -1) < 0) { + return NULL; + } Py_BEGIN_ALLOW_THREADS res = lchmod(path->narrow, mode); Py_END_ALLOW_THREADS @@ -3176,6 +3195,10 @@ os_chflags_impl(PyObject *module, path_t *path, unsigned long flags, return NULL; #endif + if (PySys_Audit("os.chflags", "Ok", path->object, flags) < 0) { + return NULL; + } + Py_BEGIN_ALLOW_THREADS #ifdef HAVE_LCHFLAGS if (!follow_symlinks) @@ -3211,6 +3234,9 @@ os_lchflags_impl(PyObject *module, path_t *path, unsigned long flags) /*[clinic end generated code: output=30ae958695c07316 input=f9f82ea8b585ca9d]*/ { int res; + if (PySys_Audit("os.chflags", "Ok", path->object, flags) < 0) { + return NULL; + } Py_BEGIN_ALLOW_THREADS res = lchflags(path->narrow, flags); Py_END_ALLOW_THREADS @@ -3373,6 +3399,11 @@ os_chown_impl(PyObject *module, path_t *path, uid_t uid, gid_t gid, } #endif + if (PySys_Audit("os.chown", "OIIi", path->object, uid, gid, + dir_fd == DEFAULT_DIR_FD ? -1 : dir_fd) < 0) { + return NULL; + } + Py_BEGIN_ALLOW_THREADS #ifdef HAVE_FCHOWN if (path->fd != -1) @@ -3422,6 +3453,10 @@ os_fchown_impl(PyObject *module, int fd, uid_t uid, gid_t gid) int res; int async_err = 0; + if (PySys_Audit("os.chown", "iIIi", fd, uid, gid, -1) < 0) { + return NULL; + } + do { Py_BEGIN_ALLOW_THREADS res = fchown(fd, uid, gid); @@ -3454,6 +3489,9 @@ os_lchown_impl(PyObject *module, path_t *path, uid_t uid, gid_t gid) /*[clinic end generated code: output=25eaf6af412fdf2f input=b1c6014d563a7161]*/ { int res; + if (PySys_Audit("os.chown", "OIIi", path->object, uid, gid, -1) < 0) { + return NULL; + } Py_BEGIN_ALLOW_THREADS res = lchown(path->narrow, uid, gid); Py_END_ALLOW_THREADS @@ -3647,6 +3685,12 @@ os_link_impl(PyObject *module, path_t *src, path_t *dst, int src_dir_fd, } #endif + if (PySys_Audit("os.link", "OOii", src->object, dst->object, + src_dir_fd == DEFAULT_DIR_FD ? -1 : src_dir_fd, + dst_dir_fd == DEFAULT_DIR_FD ? -1 : dst_dir_fd) < 0) { + return NULL; + } + #ifdef MS_WINDOWS Py_BEGIN_ALLOW_THREADS result = CreateHardLinkW(dst->wide, src->wide, NULL); @@ -4114,6 +4158,11 @@ os_mkdir_impl(PyObject *module, path_t *path, int mode, int dir_fd) { int result; + if (PySys_Audit("os.mkdir", "Oii", path->object, mode, + dir_fd == DEFAULT_DIR_FD ? -1 : dir_fd) < 0) { + return NULL; + } + #ifdef MS_WINDOWS Py_BEGIN_ALLOW_THREADS result = CreateDirectoryW(path->wide, NULL); @@ -4259,6 +4308,12 @@ internal_rename(path_t *src, path_t *dst, int src_dir_fd, int dst_dir_fd, int is } #endif + if (PySys_Audit("os.rename", "OOii", src->object, dst->object, + src_dir_fd == DEFAULT_DIR_FD ? -1 : src_dir_fd, + dst_dir_fd == DEFAULT_DIR_FD ? -1 : dst_dir_fd) < 0) { + return NULL; + } + #ifdef MS_WINDOWS Py_BEGIN_ALLOW_THREADS result = MoveFileExW(src->wide, dst->wide, flags); @@ -4359,6 +4414,11 @@ os_rmdir_impl(PyObject *module, path_t *path, int dir_fd) { int result; + if (PySys_Audit("os.rmdir", "Oi", path->object, + dir_fd == DEFAULT_DIR_FD ? -1 : dir_fd) < 0) { + return NULL; + } + Py_BEGIN_ALLOW_THREADS #ifdef MS_WINDOWS /* Windows, success=1, UNIX, success=0 */ @@ -4517,6 +4577,11 @@ os_unlink_impl(PyObject *module, path_t *path, int dir_fd) { int result; + if (PySys_Audit("os.remove", "Oi", path->object, + dir_fd == DEFAULT_DIR_FD ? -1 : dir_fd) < 0) { + return NULL; + } + Py_BEGIN_ALLOW_THREADS _Py_BEGIN_SUPPRESS_IPH #ifdef MS_WINDOWS @@ -4933,6 +4998,11 @@ os_utime_impl(PyObject *module, path_t *path, PyObject *times, PyObject *ns, } #endif + if (PySys_Audit("os.utime", "OOOi", path->object, times, ns ? ns : Py_None, + dir_fd == DEFAULT_DIR_FD ? -1 : dir_fd) < 0) { + return NULL; + } + #ifdef MS_WINDOWS Py_BEGIN_ALLOW_THREADS hFile = CreateFileW(path->wide, FILE_WRITE_ATTRIBUTES, 0, @@ -5234,8 +5304,7 @@ os_execv_impl(PyObject *module, path_t *path, PyObject *argv) return NULL; } - if (PySys_Audit("os.exec", "OOO", path->object ? path->object : Py_None, - argv, Py_None) < 0) { + if (PySys_Audit("os.exec", "OOO", path->object, argv, Py_None) < 0) { free_string_array(argvlist, argc); return NULL; } @@ -5311,8 +5380,7 @@ os_execve_impl(PyObject *module, path_t *path, PyObject *argv, PyObject *env) if (envlist == NULL) goto fail_0; - if (PySys_Audit("os.exec", "OOO", path->object ? path->object : Py_None, - argv, env) < 0) { + if (PySys_Audit("os.exec", "OOO", path->object, argv, env) < 0) { goto fail_1; } @@ -5665,8 +5733,7 @@ py_posix_spawn(int use_posix_spawnp, PyObject *module, path_t *path, PyObject *a } attrp = &attr; - if (PySys_Audit("os.posix_spawn", "OOO", - path->object ? path->object : Py_None, argv, env) < 0) { + if (PySys_Audit("os.posix_spawn", "OOO", path->object, argv, env) < 0) { goto exit; } @@ -5910,8 +5977,7 @@ os_spawnv_impl(PyObject *module, int mode, path_t *path, PyObject *argv) mode = _P_OVERLAY; #endif - if (PySys_Audit("os.spawn", "iOOO", mode, - path->object ? path->object : Py_None, argv, + if (PySys_Audit("os.spawn", "iOOO", mode, path->object, argv, Py_None) < 0) { free_string_array(argvlist, argc); return NULL; @@ -6026,8 +6092,7 @@ os_spawnve_impl(PyObject *module, int mode, path_t *path, PyObject *argv, mode = _P_OVERLAY; #endif - if (PySys_Audit("os.spawn", "iOOO", mode, - path->object ? path->object : Py_None, argv, env) < 0) { + if (PySys_Audit("os.spawn", "iOOO", mode, path->object, argv, env) < 0) { goto fail_2; } @@ -6182,6 +6247,9 @@ os_fork_impl(PyObject *module) PyErr_SetString(PyExc_RuntimeError, "fork not supported for subinterpreters"); return NULL; } + if (PySys_Audit("os.fork", NULL) < 0) { + return NULL; + } PyOS_BeforeFork(); pid = fork(); if (pid == 0) { @@ -6788,6 +6856,9 @@ os_forkpty_impl(PyObject *module) PyErr_SetString(PyExc_RuntimeError, "fork not supported for subinterpreters"); return NULL; } + if (PySys_Audit("os.forkpty", NULL) < 0) { + return NULL; + } PyOS_BeforeFork(); pid = forkpty(&master_fd, NULL, NULL, NULL); if (pid == 0) { @@ -7309,14 +7380,15 @@ Kill a process with a signal. static PyObject * os_kill_impl(PyObject *module, pid_t pid, Py_ssize_t signal) /*[clinic end generated code: output=8e346a6701c88568 input=61a36b86ca275ab9]*/ -#ifndef MS_WINDOWS { + if (PySys_Audit("os.kill", "in", pid, signal) < 0) { + return NULL; + } +#ifndef MS_WINDOWS if (kill(pid, (int)signal) == -1) return posix_error(); Py_RETURN_NONE; -} #else /* !MS_WINDOWS */ -{ PyObject *result; DWORD sig = (DWORD)signal; DWORD err; @@ -7351,8 +7423,8 @@ os_kill_impl(PyObject *module, pid_t pid, Py_ssize_t signal) CloseHandle(handle); return result; -} #endif /* !MS_WINDOWS */ +} #endif /* HAVE_KILL */ @@ -7371,6 +7443,9 @@ static PyObject * os_killpg_impl(PyObject *module, pid_t pgid, int signal) /*[clinic end generated code: output=6dbcd2f1fdf5fdba input=38b5449eb8faec19]*/ { + if (PySys_Audit("os.killpg", "ii", pgid, signal) < 0) { + return NULL; + } /* XXX some man pages make the `pgid` parameter an int, others a pid_t. Since getpgrp() returns a pid_t, we assume killpg should take the same type. Moreover, pid_t is always at least as wide as @@ -8143,6 +8218,11 @@ os_symlink_impl(PyObject *module, path_t *src, path_t *dst, int result; #endif + if (PySys_Audit("os.symlink", "OOi", src->object, dst->object, + dir_fd == DEFAULT_DIR_FD ? -1 : dir_fd) < 0) { + return NULL; + } + #ifdef MS_WINDOWS if (windows_has_symlink_unprivileged_flag) { @@ -8745,6 +8825,10 @@ os_lockf_impl(PyObject *module, int fd, int command, Py_off_t length) { int res; + if (PySys_Audit("os.lockf", "iiL", fd, command, length) < 0) { + return NULL; + } + Py_BEGIN_ALLOW_THREADS res = lockf(fd, command, length); Py_END_ALLOW_THREADS @@ -10147,6 +10231,9 @@ static PyObject * os_putenv_impl(PyObject *module, PyObject *name, PyObject *value) /*[clinic end generated code: output=d29a567d6b2327d2 input=ba586581c2e6105f]*/ { + if (PySys_Audit("os.putenv", "OO", name, value) < 0) { + return NULL; + } return win32_putenv(name, value); } #else @@ -10172,6 +10259,10 @@ os_putenv_impl(PyObject *module, PyObject *name, PyObject *value) return NULL; } + if (PySys_Audit("os.putenv", "OO", name, value) < 0) { + return NULL; + } + if (setenv(name_string, value_string, 1)) { return posix_error(); } @@ -10193,6 +10284,9 @@ static PyObject * os_unsetenv_impl(PyObject *module, PyObject *name) /*[clinic end generated code: output=54c4137ab1834f02 input=4d6a1747cc526d2f]*/ { + if (PySys_Audit("os.unsetenv", "(O)", name) < 0) { + return NULL; + } return win32_putenv(name, NULL); } #else @@ -10208,6 +10302,9 @@ static PyObject * os_unsetenv_impl(PyObject *module, PyObject *name) /*[clinic end generated code: output=54c4137ab1834f02 input=2bb5288a599c7107]*/ { + if (PySys_Audit("os.unsetenv", "(O)", name) < 0) { + return NULL; + } #ifdef HAVE_BROKEN_UNSETENV unsetenv(PyBytes_AS_STRING(name)); #else @@ -11730,9 +11827,7 @@ os_startfile_impl(PyObject *module, path_t *filepath, "startfile not available on this platform"); } - if (PySys_Audit("os.startfile", "Ou", - filepath->object ? filepath->object : Py_None, - operation) < 0) { + if (PySys_Audit("os.startfile", "Ou", filepath->object, operation) < 0) { return NULL; } @@ -11910,6 +12005,10 @@ os_getxattr_impl(PyObject *module, path_t *path, path_t *attribute, if (fd_and_follow_symlinks_invalid("getxattr", path->fd, follow_symlinks)) return NULL; + if (PySys_Audit("os.getxattr", "OO", path->object, attribute->object) < 0) { + return NULL; + } + for (i = 0; ; i++) { void *ptr; ssize_t result; @@ -11981,6 +12080,11 @@ os_setxattr_impl(PyObject *module, path_t *path, path_t *attribute, if (fd_and_follow_symlinks_invalid("setxattr", path->fd, follow_symlinks)) return NULL; + if (PySys_Audit("os.setxattr", "OOy#i", path->object, attribute->object, + value->buf, value->len, flags) < 0) { + return NULL; + } + Py_BEGIN_ALLOW_THREADS; if (path->fd > -1) result = fsetxattr(path->fd, attribute->narrow, @@ -12029,6 +12133,10 @@ os_removexattr_impl(PyObject *module, path_t *path, path_t *attribute, if (fd_and_follow_symlinks_invalid("removexattr", path->fd, follow_symlinks)) return NULL; + if (PySys_Audit("os.removexattr", "OO", path->object, attribute->object) < 0) { + return NULL; + } + Py_BEGIN_ALLOW_THREADS; if (path->fd > -1) result = fremovexattr(path->fd, attribute->narrow); @@ -12074,6 +12182,11 @@ os_listxattr_impl(PyObject *module, path_t *path, int follow_symlinks) if (fd_and_follow_symlinks_invalid("listxattr", path->fd, follow_symlinks)) goto exit; + if (PySys_Audit("os.listxattr", "(O)", + path->object ? path->object : Py_None) < 0) { + return NULL; + } + name = path->narrow ? path->narrow : "."; for (i = 0; ; i++) { @@ -13550,6 +13663,10 @@ os__add_dll_directory_impl(PyObject *module, path_t *path) DLL_DIRECTORY_COOKIE cookie = 0; DWORD err = 0; + if (PySys_Audit("os.add_dll_directory", "(O)", path->object) < 0) { + return NULL; + } + /* For Windows 7, we have to load this. As this will be a fairly infrequent operation, just do it each time. Kernel32 is always loaded. */ diff --git a/Modules/resource.c b/Modules/resource.c index 87c72e74098..afde03c6c7e 100644 --- a/Modules/resource.c +++ b/Modules/resource.c @@ -224,6 +224,11 @@ resource_setrlimit_impl(PyObject *module, int resource, PyObject *limits) return NULL; } + if (PySys_Audit("resource.setrlimit", "iO", resource, + limits ? limits : Py_None) < 0) { + return NULL; + } + if (py2rlimit(limits, &rl) < 0) { return NULL; } @@ -269,6 +274,11 @@ resource_prlimit_impl(PyObject *module, pid_t pid, int resource, return NULL; } + if (PySys_Audit("resource.prlimit", "iiO", pid, resource, + limits ? limits : Py_None) < 0) { + return NULL; + } + if (group_right_1) { if (py2rlimit(limits, &new_limit) < 0) { return NULL; diff --git a/Modules/signalmodule.c b/Modules/signalmodule.c index 693b90b6c63..a1976737462 100644 --- a/Modules/signalmodule.c +++ b/Modules/signalmodule.c @@ -1236,6 +1236,10 @@ signal_pthread_kill_impl(PyObject *module, unsigned long thread_id, { int err; + if (PySys_Audit("signal.pthread_kill", "ki", thread_id, signalnum) < 0) { + return NULL; + } + err = pthread_kill((pthread_t)thread_id, signalnum); if (err != 0) { errno = err; diff --git a/Modules/syslogmodule.c b/Modules/syslogmodule.c index 539224f2c5b..24517925c32 100644 --- a/Modules/syslogmodule.c +++ b/Modules/syslogmodule.c @@ -144,6 +144,10 @@ syslog_openlog(PyObject * self, PyObject * args, PyObject *kwds) return NULL; } + if (PySys_Audit("syslog.openlog", "sll", ident, logopt, facility) < 0) { + return NULL; + } + openlog(ident, logopt, facility); S_log_open = 1; @@ -170,6 +174,10 @@ syslog_syslog(PyObject * self, PyObject * args) if (message == NULL) return NULL; + if (PySys_Audit("syslog.syslog", "is", priority, message) < 0) { + return NULL; + } + /* if log is not opened, open it now */ if (!S_log_open) { PyObject *openargs; @@ -194,6 +202,9 @@ syslog_syslog(PyObject * self, PyObject * args) static PyObject * syslog_closelog(PyObject *self, PyObject *unused) { + if (PySys_Audit("syslog.closelog", NULL) < 0) { + return NULL; + } if (S_log_open) { closelog(); Py_CLEAR(S_ident_o); @@ -209,6 +220,9 @@ syslog_setlogmask(PyObject *self, PyObject *args) if (!PyArg_ParseTuple(args, "l;mask for priority", &maskpri)) return NULL; + if (PySys_Audit("syslog.setlogmask", "(O)", args ? args : Py_None) < 0) { + return NULL; + } omaskpri = setlogmask(maskpri); return PyLong_FromLong(omaskpri); } diff --git a/PC/msvcrtmodule.c b/PC/msvcrtmodule.c index c4113e54c2b..5c06ec2621e 100644 --- a/PC/msvcrtmodule.c +++ b/PC/msvcrtmodule.c @@ -116,6 +116,10 @@ msvcrt_locking_impl(PyObject *module, int fd, int mode, long nbytes) { int err; + if (PySys_Audit("msvcrt.locking", "iil", fd, mode, nbytes) < 0) { + return NULL; + } + Py_BEGIN_ALLOW_THREADS _Py_BEGIN_SUPPRESS_IPH err = _locking(fd, mode, nbytes); @@ -175,6 +179,10 @@ msvcrt_open_osfhandle_impl(PyObject *module, void *handle, int flags) { int fd; + if (PySys_Audit("msvcrt.open_osfhandle", "Ki", handle, flags) < 0) { + return NULL; + } + _Py_BEGIN_SUPPRESS_IPH fd = _open_osfhandle((intptr_t)handle, flags); _Py_END_SUPPRESS_IPH @@ -201,6 +209,10 @@ msvcrt_get_osfhandle_impl(PyObject *module, int fd) { intptr_t handle = -1; + if (PySys_Audit("msvcrt.get_osfhandle", "(i)", fd) < 0) { + return NULL; + } + _Py_BEGIN_SUPPRESS_IPH handle = _get_osfhandle(fd); _Py_END_SUPPRESS_IPH