[sudo-workers] [patch] to add support for BSM audit records

Robert Watson rwatson at FreeBSD.org
Sat Nov 29 10:08:46 EST 2008

On Thu, 27 Nov 2008, Christian Peron wrote:

> I would like to propose a patch to add BSM audit support to sudo.  This 
> patch and associated files adds support for the Sun's Basic Security Module 
> (BSM) Audit API and file format.  It should be noted that currently FreeBSD, 
> OS X and Solaris use BSM.  I have not tested on Solaris or OS X but, this 
> patch should build on both.  This is a starting point, it's possible that I 
> could be missing some key error conditions which require auditing.
> Please review and send back any feedback/comments.

Hi Christian:

This sounds extremely useful.  Question: do you think it might be useful to 
add the command line being requested to the audit record via another text 
token?  While presumably each execve(2) can be separately audited, the 
original formulation (especially if it involves a pipeline) may be useful.

Robert N M Watson
Computer Laboratory
University of Cambridge

More information about the sudo-workers mailing list