1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-11-27 08:00:11 +00:00
Commit Graph

79000 Commits

Author SHA1 Message Date
Robert Watson
e5cb5e37d4 Close a race in process label changing opened due to dropping the
proc locking when revoking access to mmaps.  Instead, perform this
later once we've changed the process label (hold onto a reference
to the new cred so that we don't lose it when we release the
process lock if another thread changes the credential).

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 20:26:32 +00:00
Semen Ustimenko
714087a2ac Do not reset card in epic_freebsd_attach() as reset is done in
epic_common_attach().
2002-08-19 20:24:13 +00:00
Andrey A. Chernov
853c779d87 Write null wide-character as L'\0' like in other places 2002-08-19 20:12:38 +00:00
Robert Watson
8815d2e899 Regen. 2002-08-19 20:02:29 +00:00
Robert Watson
f61b85492c mac_syscall is now implemented, switch to MSTD.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 20:01:31 +00:00
Juli Mallett
ded7008a07 Enclose IPv6 addresses in brackets when they are displayed printable with a
TCP/UDP port seperated by a colon.  This is for the log_in_vain facility.

Pointed out by:	Edward J. M. Brocklesby
Reviewed by:	ume
MFC after:	2 weeks
2002-08-19 19:47:13 +00:00
Brooks Davis
51e2390d61 Fix a couple of bogus return values in previous commit.
Submitted by:	"Vladimir B. " Grebenschikov <vova@sw.ru>
Pointy hat to:	brooks
2002-08-19 19:22:41 +00:00
Robert Watson
177142e458 Pass active_cred and file_cred into the MAC framework explicitly
for mac_check_vnode_{poll,read,stat,write}().  Pass in fp->f_cred
when calling these checks with a struct file available.  Otherwise,
pass NOCRED.  All currently MAC policies use active_cred, but
could now offer the cached credential semantic used for the base
system security model.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 19:04:53 +00:00
Søren Schmidt
8ba0fd9c32 Fix buffer length.
PR: 41063
2002-08-19 18:52:23 +00:00
Søren Schmidt
f6137a0df1 Fix typo. 2002-08-19 18:47:51 +00:00
Andrey A. Chernov
1e2cd54448 According to SUSv2, always return 0 for null wide-character code 2002-08-19 18:06:18 +00:00
Robert Watson
27f2eac7f3 Provide an implementation of mac_syscall() so that security modules
can offer new services without reserving system call numbers, or
augmented versions of existing services.  User code requests a
target policy by name, and specifies the policy-specific API plus
target.  This is required in particular for our port of SELinux/FLASK
to the MAC framework since it offers additional security services.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 17:59:48 +00:00
Gordon Tetlow
806fb7f53b Update manpage to reflect reality:
xntpd -> ntpd
single_mountd_enable -> mountd_enable
portmap -> rpcbind
2002-08-19 17:57:38 +00:00
Juli Mallett
6e82956c21 Clean up a comment talking about C strings, which are terminated with the
ASCII NUL character (0, or '\0' in C).
2002-08-19 17:20:03 +00:00
Juli Mallett
a10a751f68 s/trailing NULL/trailing NUL/ 2002-08-19 17:14:58 +00:00
Bruce A. Mah
94d4e7b64f New release note: SA-02:38. 2002-08-19 17:13:08 +00:00
Robert Watson
c024c3eeb1 Break out mac_check_pipe_op() into component check entry points:
mac_check_pipe_poll(), mac_check_pipe_read(), mac_check_pipe_stat(),
and mac_check_pipe_write().  This is improves consistency with other
access control entry points and permits security modules to only
control the object methods that they are interested in, avoiding
switch statements.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 16:59:37 +00:00
Doug Ambrisko
740f8a4472 Don't read the PCI config space during mii operations. Instead save whether
or not we have to limit the PHY detection in the softc structure.  Then
just check the flag.

Suggested by:	jdp
Reviewed by:	jdp
MFC after:	3 days
2002-08-19 16:54:26 +00:00
Robert Watson
7f724f8b51 Break out mac_check_vnode_op() into three seperate checks:
mac_check_vnode_poll(), mac_check_vnode_read(), mac_check_vnode_write().
This improves the consistency with other existing vnode checks, and
allows policies to avoid implementing switch statements to determine
what operations they do and do not want to authorize.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 16:43:25 +00:00
Maxim Sobolev
c449db6ab2 Add a new -H' modifier, which when combined with -p' or `-P' allows to dump
full console history.
2002-08-19 16:33:23 +00:00
Maxim Sobolev
41a2a5c1c6 1. Allow information about current history size be retrieved using ioctl(2);
2. modify screen dumpung routine, so that in addition to visible area, it
   allows to grab any portion of history buffer as well.
2002-08-19 16:32:09 +00:00
Orion Hodson
14213e7d3e Cater for ich4 quirks.
Reported by: Jacob Rhoden
Tested by: Jacob Rhoden, mp
2002-08-19 16:03:56 +00:00
Robert Watson
b12baf55a4 Assert process locks in proces-related access control checks.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 15:30:30 +00:00
Robert Watson
851704bbd0 Add a missing vnode assertion for the exec() check.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 15:28:39 +00:00
Maxim Sobolev
f44fbeca9b Previous deltas (promisc mode) were a subject of:
MFC after:	1 week
2002-08-19 15:18:25 +00:00
Maxim Sobolev
ffb079be0c Implement user-setable promiscuous mode (a new `promisc' flag for ifconfig(8)).
Also, for all interfaces in this mode pass all ethernet frames to upper layer,
even those not addressed to our own MAC, which allows packets encapsulated
in those frames be processed with packet filters (ipfw(8) et al).

Emphatically requested by:	Anton Turygin <pa3op@ukr-link.net>
Valuable suggestions by:	fenner
2002-08-19 15:16:38 +00:00
Luigi Rizzo
5a155b405e One more (hopefully the last one) step in cleaning up the syntax,
following Julian's good suggestion: since you can specify any match
pattern as an option, rules now have the following format:

	[<proto> from <src> to <dst>] [options]

i.e. the first part is now entirely optional (and left there just
for compatibility with ipfw1 rulesets).

Add a "-c" flag to show/list rules in the compact form
(i.e. without the "ip from any to any" part) when possible.
The default is to include it so that scripts processing ipfw's
canonical output will still work.
Note that as part of this cleanup (and to remove ambiguity), MAC
fields now can only be specified in the options part.

Update the manpage to reflect the syntax.

Clarify the behaviour when a match is attempted on fields which
are not present in the packet, e.g. port numbers on non TCP/UDP
packets, and the "not" operator is specified. E.g.

	ipfw add allow not src-port 80

will match also ICMP packets because they do not have port numbers, so
"src-port 80" will fail and "not src-port 80" will succeed. For such
cases it is advised to insert further options to prevent undesired results
(e.g. in the case above, "ipfw add allow proto tcp not src-port 80").

We definitely need to rewrite the parser using lex and yacc!
2002-08-19 12:36:54 +00:00
Maxim Konovalov
cb4abe67ef Forced commit to correct a PR number in the previous commit. It is bin/40177.
Pointed out by: obrien
2002-08-19 09:19:31 +00:00
Andrey A. Chernov
9424df445a Move internal defines from ctype.h here 2002-08-19 09:02:49 +00:00
Maxim Sobolev
3471c917ec Fix last-minute typo which breaks the world.
Submitted by:	many
2002-08-19 08:59:20 +00:00
Andrey A. Chernov
153bb33daf Move internal defines from here to libc/locale/wcwidth.c 2002-08-19 08:58:51 +00:00
Andrey A. Chernov
dcc3da5862 Properly define SWIDTH1, add autowidth (was SWIDTH1) 2002-08-19 08:50:41 +00:00
Ruslan Ermilov
84a0a0eeac mdoc(7) police: fixed the document date.
Submitted by:	iedowse
2002-08-19 07:15:20 +00:00
Poul-Henning Kamp
0176455bc8 First snapshot of UFS2 EA support.
Sponsored by: DARPA & NAI Labs.
2002-08-19 07:01:55 +00:00
Poul-Henning Kamp
bd86d22c62 Remove the SIS_LOCK/SIS_UNLOCK from sis_attach(). It makes WITNESS
barf and there seem to be little room for contention during attach.
2002-08-19 06:56:50 +00:00
Poul-Henning Kamp
fee7d450d8 Keep a copy of the credential used to mount filesystems around so
we can check and use it later on.

Change the pieces of code which relied on mount->mnt_stat.f_owner
to check which user mounted the filesystem.

This became needed as the EA code needs to be able to allocate
blocks for "system" EA users like ACLs.

There seems to be some half-baked (probably only quarter- actually)
notion that the superuser for a given filesystem is the user who
mounted it, but this has far from been carried through.  It is
unclear if it should be.

Sponsored by: DARPA & NAI Labs.
2002-08-19 06:52:21 +00:00
Luigi Rizzo
e706181ba6 Major cleanup of the parser and printing routines in an attempt to
render the syntax less ambiguous.

Now rules can be in one of these two forms

	<action> <protocol> from <src> to <dst> [options]
	<action> MAC dst-mac src-mac mac-type [options]

however you can now specify MAC and IP header fields as options e.g.

	ipfw add allow all from any to any mac-type arp
	ipfw add allow all from any to any { dst-ip me or src-ip me }

which makes complex expressions a lot easier to write and parse.
The "all from any to any" part is there just for backward compatibility.

Manpage updated accordingly.
2002-08-19 04:52:15 +00:00
Luigi Rizzo
306fe283a1 Raise limit for port lists to 30 entries/ranges.
Remove a duplicate "logging" message, and identify the firewall
as ipfw2 in the boot message.
2002-08-19 04:45:01 +00:00
Juli Mallett
6879bea818 Leave room for a trailing NUL not a NULL, that's not an ASCII character. 2002-08-19 03:52:36 +00:00
Juli Mallett
3a7fc8ce59 Remove local prototypes for main(). 2002-08-19 03:07:56 +00:00
Juli Mallett
4a0193d39e Add a unary -not operator ala -false and !, for sake of completeness.
Obtained from:	OpenDarwin
MFC after:	1 week
2002-08-19 02:27:33 +00:00
Bruce Evans
49b2349b41 Added rules to generate .c files from .m files. Run mkdep on these .c
files.  This fixes at least "make" (without -j) after "make clean".
2002-08-19 01:00:37 +00:00
Johan Karlsson
83ca56da18 New release notes: chmod(1) -v -v; od(1) -A, -N, -j, -s, -t
MFCs noted: biff(1) b; cp(1) -n; mv(1) -n; od(1) -A, -N, -j, -s, -t

Release note modified: mv(1) -n

Reviewed by: bmah
2002-08-19 00:35:58 +00:00
Johan Karlsson
124a12c09d Last commit should also have said
PR:		bin/39816
Submitted by:	Dan Lukes <dan@obluda.cz>
2002-08-18 21:48:38 +00:00
Johan Karlsson
0319a6a43b Remove unused variable. camcontrol is now WARNS=2 clean on i386.
Approved by: 	ken, sheldonh (mentor)
2002-08-18 21:46:32 +00:00
Poul-Henning Kamp
91afe0874d A side effect of some debugging: prototypify and deregister. 2002-08-18 21:24:22 +00:00
Bruce Evans
0f64e446fe Finished removing env(1) commands, as in rev.1.13 but non-broken. Set
the environment for the last command of the pipeline (xargs) instead
of too early in the broken version or using an extra env process for
each command spawned by xargs as in rev.1.12.  Fixed a nearby English
error.
2002-08-18 20:41:19 +00:00
Johan Karlsson
ad23c58318 Correctly handle empty path arguments, e.g., whereis -S -f biff.
Approved by:	joerg, sheldonh (mentor)
2002-08-18 18:21:18 +00:00
John Polstra
92fd901869 Clarify the explanation of the behavior for setuid programs by
noting that the restrictions do not apply if the user invoking the
program is also the owner of the program.

Also, capitalize a section header properly.

PR:		misc/41180
2002-08-18 18:11:38 +00:00
Bruce Evans
7309e024bf Include <nlist.h> for nlist interfaces instead of depending on namespace
pollution in <kvm.h>.
2002-08-18 17:57:08 +00:00