1
0
mirror of https://git.FreeBSD.org/src.git synced 2025-01-05 12:56:08 +00:00
Commit Graph

58705 Commits

Author SHA1 Message Date
Robert Watson
0489082737 o Disable two "allow this" exceptions in p_cansched()m retricting the
ability of unprivileged processes to modify the scheduling properties
  of daemons temporarily taking on unprivileged effective credentials.
  These cases (p1->p_cred->p_ruid == p2->p_ucred->cr_uid) and
  (p1->p_ucred->cr_uid == p2->p_ucred->cr_uid), respectively permitting
  a subject process to influence the scheduling of a daemon if the subject
  process has the same real uid or effective uid as the daemon's effective
  uid.  This removes a number of the warning cases identified by the
  proc_to_proc iner-process authorization regression test.
o As these are new restrictions, we'll have to watch out carefully for
  possible side effects on running code: they seem reasonable to me,
  but it's possible this change might have to be backed out if problems
  are experienced.

Reported by:	src/tools/regression/security/proc_to_proc/testuid
Obtained from:	TrustedBSD Project
2001-04-12 22:46:07 +00:00
Alfred Perlstein
b28cb1ca07 remove truncated part from commment 2001-04-12 21:50:03 +00:00
Robert Watson
e386f9bda3 o Make kqueue's filt_procattach() function use the error value returned
by p_can(...P_CAN_SEE), rather than returning EACCES directly.  This
  brings the error code used here into line with similar arrangements
  elsewhere, and prevents the leakage of pid usage information.

Reviewed by:	jlemon
Obtained from:	TrustedBSD Project
2001-04-12 21:32:02 +00:00
Robert Watson
d34f8d3030 o Limit process information leakage by introducing a p_can(...P_CAN_SEE...)
in rtprio()'s RTP_LOOKIP implementation.

Obtained from:	TrustedBSD Project
2001-04-12 20:46:26 +00:00
Brian Somers
cdf6f0b1ae Correct some markup
Submitted by:	bde
2001-04-12 20:04:54 +00:00
Robert Watson
eb9e5c1d72 o Reduce information leakage into jails by adding invocations of
p_can(...P_CAN_SEE...) to getpgid(), getsid(), and setpgid(),
  blocking these operations on processes that should not be visible
  by the requesting process.  Required to reduce information leakage
  in MAC environments.

Obtained from:	TrustedBSD Project
2001-04-12 19:39:00 +00:00
Robert Watson
bacff58c0e o Expand inter-process authorization regression test to include
signalling with sigsegv as one of the tests.
o Teach errno_to_string() about ENOTSUPP.

Obtained from:  TrustedBSD Project
2001-04-12 17:46:20 +00:00
Andrey A. Chernov
7de69ff097 Activate backward-compatible prototypes 2001-04-12 17:18:46 +00:00
KATO Takenori
4dfe1d3b64 Merged from options.i386 revision 1.147. 2001-04-12 12:28:42 +00:00
KATO Takenori
a3758914a0 Merged from files.i386 revisions 1.359 and 1.360. 2001-04-12 12:26:40 +00:00
Nick Hibma
1470e6aaeb Regen. 2001-04-12 11:08:59 +00:00
Nick Hibma
47a9ad6b89 TDK ids
Submitted by:	Hidetoshi Shimokawa <simokawa@sat.t.u-tokyo.ac.jp>
2001-04-12 11:04:08 +00:00
Nick Hibma
426128e90b From NetBSD 2001-04-12 10:59:30 +00:00
Andrey A. Chernov
6055a95fee Back out history.3 link removing - conflict fixed in libreadline instead 2001-04-12 09:57:12 +00:00
Andrey A. Chernov
465ccb3095 Install history.3 as rlhistory.3 to not conflict with existing libedit function 2001-04-12 09:54:44 +00:00
Andrey A. Chernov
45b655df03 Comment out one of many editline.3 MLINKS conflicting with libreadline
(history.3)
2001-04-12 03:33:13 +00:00
Robert Watson
4c5eb9c397 o Replace p_cankill() with p_cansignal(), remove wrappage of p_can()
from signal authorization checking.
o p_cansignal() takes three arguments: subject process, object process,
  and signal number, unlike p_cankill(), which only took into account
  the processes and not the signal number, improving the abstraction
  such that CANSIGNAL() from kern_sig.c can now also be eliminated;
  previously CANSIGNAL() special-cased the handling of SIGCONT based
  on process session.  privused is now deprecated.
o The new p_cansignal() further limits the set of signals that may
  be delivered to processes with P_SUGID set, and restructures the
  access control check to allow it to be extended more easily.
o These changes take into account work done by the OpenBSD Project,
  as well as by Robert Watson and Thomas Moestl on the TrustedBSD
  Project.

Obtained from:  TrustedBSD Project
2001-04-12 02:38:08 +00:00
Warner Losh
a9304a4eb5 Fix minor typo in comment. 112x -> 12xx 2001-04-11 22:49:00 +00:00
Brian Somers
ff1b168b6e Introduce -osid and -otsid
Submitted by: dd
2001-04-11 22:42:54 +00:00
Chris D. Faulhaber
bbf2cf59fc Revamp acl_create_entry() so it actually works.
Obtained from:	TrustedBSD Project
2001-04-11 22:09:51 +00:00
Archie Cobbs
422c727634 Don't reference a node after we dropped a reference to it
(same as in previous checkin, but in a different function).
2001-04-11 22:04:47 +00:00
Boris Popov
cdcb16abd2 Pull constants from netsmb/smb.h. 2001-04-11 21:35:51 +00:00
Robert Watson
3ceef0c3d7 o Enable -DSETSUGID_SUPPORTED in inter-process authorization regression
test by default, as setugid() is now part of the base kernel (assuming
  (options REGRESSION) has been enabled for the running kernel).

Obtained from: TrustedBSD Project
2001-04-11 20:23:23 +00:00
Warner Losh
a17e1baffd Add IBM3765 to newcard's pcic pnp device list 2001-04-11 20:22:16 +00:00
Robert Watson
40829dd2dc o Regenerated following introduction of __setugid() system call for
"options REGRESSION".

Obtained from:	TrustedBSD Project
2001-04-11 20:21:37 +00:00
Robert Watson
130d0157d1 o Introduce a new system call, __setsugid(), which allows a process to
toggle the P_SUGID bit explicitly, rather than relying on it being
  set implicitly by other protection and credential logic.  This feature
  is introduced to support inter-process authorization regression testing
  by simplifying userland credential management allowing the easy
  isolation and reproduction of authorization events with specific
  security contexts.  This feature is enabled only by "options REGRESSION"
  and is not intended to be used by applications.  While the feature is
  not known to introduce security vulnerabilities, it does allow
  processes to enter previously inaccessible parts of the credential
  state machine, and is therefore disabled by default.  It may not
  constitute a risk, and therefore in the future pending further analysis
  (and appropriate need) may become a published interface.

Obtained from:	TrustedBSD Project
2001-04-11 20:20:40 +00:00
Warner Losh
e5eac10b13 Add #define for IBM3765.
Fix SWAMPBOX.  It had actiontec's ID.
Reorder pnpids so they are in alphabetical order.
2001-04-11 20:18:29 +00:00
Robert Watson
0b5438c6d1 o Introduce "options REGRESSION", a kernel option which enables
interfaces and functionality intended for use during correctness and
  regression testing.  Features enabled by "options REGRESSION" may
  in and of themselves introduce security or correctness problems if
  used improperly, and so are not intended for use in production
  systems, only in testing environments.

Obtained from:	TrustedBSD Project
2001-04-11 19:29:24 +00:00
John Baldwin
7b531e6037 Stick proc0 in the PID hash table. 2001-04-11 18:50:50 +00:00
Robert Watson
274f7445fd o First pass at an inter-process authorization regression testing suite.
This test utility attempts to evaluate the current kernel policy
  for authorization inter-process activities, currently ptrace(),
  kill(, SIGHUP), getpriority(), and setpriority().  The utility creates
  pairs of processes, initializes their credential sets to useful
  cases, and reports on whether the results are in keeping with hard-coded
  safety expectations.

o Currently, this utility relies on the availability of __setugid(),
  an uncomitted system call used for managing the P_SUGID bit.  Due to
  continuing discussion of optional regression testing kernel components
  ("options REGRESSION") I'll hold off on committing that until the
  discussion has reached its natural termination.

o A number of additional testing factors should be taken into account
  in the testing, including tests for different classes of signals,
  interactions with process session characteristics, I/O signalling,
  broadcast activities such as broadcast signalling, mass priority
  setting, and to take into group-related aspects of credentials.
  Additional operations should also be taken into account, such as ktrace,
  debugging attach using procfs, and so on.

o This testing suite is intended to prevent the introduction of bugs
  in the upcoming sets of authorization changes associated with the
  introduction of process capabilities and mandatory access control.

Obtained from: TrustedBSD Project
2001-04-11 17:21:14 +00:00
John Baldwin
2fea957dc5 Rename the IPI API from smp_ipi_* to ipi_* since the smp_ prefix is just
"redundant noise" and to match the IPI constant namespace (IPI_*).

Requested by:	bde
2001-04-11 17:06:02 +00:00
Bruce A. Mah
ee13a06d5e New release notes: vidcontrol(1) update (submitted by sobomax).
Modified release notes:  Note MFC of gcc-2.95.3, libreadline 4.2.

Clarify Maestro-3/Allegro driver loading issues (submitted by scottl).
2001-04-11 16:23:58 +00:00
John Baldwin
45fdf62519 Parse the various argument registers in the printtrap() function so that
one doesn't have to go grab a reference manual to decode them by hand every
time the alpha kernel falls over.

Reviewed by:	drew, -alpha
2001-04-11 16:20:11 +00:00
David E. O'Brien
5e4c98b1a6 The internal declaration for tilde_expand() now conflicts with the one
that was finally added to the readline headers in readline 4.2.

Submitted by:	ache
2001-04-11 16:15:19 +00:00
Boris Popov
bc9243be52 Add forgotten files for NETSMBCRYPTO option (may be DES based encryption
should be enabled by default, not sure).
2001-04-11 09:20:33 +00:00
Boris Popov
6c9f45bdde Actually install include/fs/smbfs and include/netsmb directories. 2001-04-11 09:00:09 +00:00
Warner Losh
80914f7e42 Add O2Micro's OZ6872 Cardbus bridge.
Submitted by: Robert Sexton <robert@kudra.com>
2001-04-11 06:40:35 +00:00
David E. O'Brien
af9fb623c7 Missed one in rev 1.608. 2001-04-11 06:16:52 +00:00
Andrey A. Chernov
7b8ab0d8c9 Upgrade for readline 4.2 2001-04-11 04:27:10 +00:00
Andrey A. Chernov
c8f896e658 Remove conflicting readline prototype 2001-04-11 04:07:38 +00:00
Andrey A. Chernov
74874d04e1 Upgrade to 4.2 2001-04-11 03:49:54 +00:00
Andrey A. Chernov
a39df769f3 Merge local changes 2001-04-11 03:15:56 +00:00
Andrey A. Chernov
3be056262b This commit was generated by cvs2svn to compensate for changes in r75406,
which included commits to RCS files with non-trunk default branches.
2001-04-11 02:33:07 +00:00
Andrey A. Chernov
fb21882ffc v4.2 initial import 2001-04-11 02:33:07 +00:00
David E. O'Brien
2eeee21d52 Properly set `KERNEL' w/in the "doSTDKERNEL:" target.
Reviewed by:	jhb
2001-04-11 02:21:13 +00:00
Chris D. Faulhaber
fb1af1f2bf Correct the following defines to match the POSIX.1e spec:
ACL_PERM_EXEC  -> ACL_EXECUTE
  ACL_PERM_READ  -> ACL_READ
  ACL_PERM_WRITE -> ACL_WRITE

Obtained from:	TrustedBSD
2001-04-11 02:19:01 +00:00
Murray Stokely
5551534696 Source rc.conf so that named.restart can restart named with the correct
flags.

PR:		misc/25049
Submitted by:	Richard Roderick <richard@gohome.net>
2001-04-11 02:12:14 +00:00
Peter Wemm
9d10eb0c0c Create debug.hashstat.[raw]nchash and debug.hashstat.[raw]nfsnode to
enable easy access to the hash chain stats.  The raw prefixed versions
dump an integer array to userland with the chain lengths.  This cheats
and calls it an array of 'struct int' rather than 'int' or sysctl -a
faithfully dumps out the 128K array on an average machine.  The non-raw
versions return 4 integers: count, number of chains used, maximum chain
length, and percentage utilization (fixed point, multiplied by 100).
The raw forms are more useful for analyzing the hash distribution, while
the other form can be read easily by humans and stats loggers.
2001-04-11 00:39:20 +00:00
Ian Dowse
ba33efd92c Fix a typo relating to the "-U" (force UDP for mount protocol)
option. When specified, make sure to use the correct netid for the
getnetconfigent() call, and also in error messages.
2001-04-11 00:21:16 +00:00
David E. O'Brien
370d222b7f Remove MIPS support.
It has rotted quite badly and no one has provided updates for it.
2001-04-11 00:12:48 +00:00