int p_can(p1, p2, operation, privused)
which allows specification of subject process, object process,
inter-process operation, and an optional call-by-reference privused
flag, allowing the caller to determine if privilege was required
for the call to succeed. This allows jail, kern.ps_showallprocs and
regular credential-based interaction checks to occur in one block of
code. Possible operations are P_CAN_SEE, P_CAN_SCHED, P_CAN_KILL,
and P_CAN_DEBUG. p_can currently breaks out as a wrapper to a
series of static function checks in kern_prot, which should not
be invoked directly.
o Commented out capabilities entries are included for some checks.
o Update most inter-process authorization to make use of p_can() instead
of manual checks, PRISON_CHECK(), P_TRESPASS(), and
kern.ps_showallprocs.
o Modify suser{,_xxx} to use const arguments, as it no longer modifies
process flags due to the disabling of ASU.
o Modify some checks/errors in procfs so that ENOENT is returned instead
of ESRCH, further improving concealment of processes that should not
be visible to other processes. Also introduce new access checks to
improve hiding of processes for procfs_lookup(), procfs_getattr(),
procfs_readdir(). Correct a bug reported by bp concerning not
handling the CREATE case in procfs_lookup(). Remove volatile flag in
procfs that caused apparently spurious qualifier warnings (approved by
bde).
o Add comment noting that ktrace() has not been updated, as its access
control checks are different from ptrace(), whereas they should
probably be the same. Further discussion should happen on this topic.
Reviewed by: bde, green, phk, freebsd-security, others
Approved by: bde
Obtained from: TrustedBSD Project
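
The single-entry-point check described in the commit message above, as an added userland example (not the committed kernel code). struct mproc, model_p_can(), the order of the checks and the errno values returned are assumptions made for illustration; only the operation names and the privused out-parameter come from the message.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Operation names from the commit message; numeric values are arbitrary. */
enum { P_CAN_SEE, P_CAN_SCHED, P_CAN_KILL, P_CAN_DEBUG };

/* Hypothetical stand-in for a process credential, not the kernel's struct proc. */
struct mproc {
    unsigned uid;   /* effective uid; 0 models the superuser */
    int jail_id;    /* 0 = not jailed */
};

int ps_showallprocs = 1;    /* models the kern.ps_showallprocs sysctl */

/* Returns 0 if p1 may perform op on p2, otherwise an errno value (assumed). */
int model_p_can(const struct mproc *p1, const struct mproc *p2, int op, int *privused)
{
    if (privused != NULL)
        *privused = 0;
    /* Jail: a jailed subject may only act on its own jail; uid 0 does not override. */
    if (p1->jail_id != 0 && p1->jail_id != p2->jail_id)
        return ESRCH;
    /* Visibility is open to everyone unless ps_showallprocs is turned off. */
    if (op == P_CAN_SEE && ps_showallprocs)
        return 0;
    /* Regular credential check: a matching uid needs no privilege. */
    if (p1->uid == p2->uid)
        return 0;
    /* Privilege is the last resort, and its use is reported to the caller. */
    if (p1->uid == 0) {
        if (privused != NULL)
            *privused = 1;
        return 0;
    }
    /* A target that may not be seen is reported as absent, not as forbidden. */
    return op == P_CAN_SEE ? ESRCH : EPERM;
}

int main(void)
{
    struct mproc root = { 0, 0 }, alice = { 1001, 0 }, jroot = { 0, 1 };
    int used;
    int rc = model_p_can(&root, &alice, P_CAN_KILL, &used);
    printf("host root kills alice: rc=%d privused=%d\n", rc, used);
    rc = model_p_can(&jroot, &alice, P_CAN_KILL, &used);
    printf("jailed root kills host alice: rc=%d privused=%d\n", rc, used);
    return 0;
}
```
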
time being, the ASU accounting flag will no longer be available, but
may be reinstituted in the future once authorization has been redone.
As it is, the kernel went through contortions in access control to
avoid calling suser, which always set the flag. This will also allow
suser to accept const struct *{cred, proc} arguments.
Reviewed by: bde, green, phk, freebsd-security, others
Approved by: bde
Obtained from: TrustedBSD Project
also mention the peripheral name, bus, target and lun of the device we
attempted to put in that slot. This gives the user a little more
information about what is going on.
Tested by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
Discussed with: gibbs
for the Quantum "MAVERICK 540S" and "LPS525S".
Also, add common string variables, since we seem to have a few Quantum and
Micropolis drives in here.
Fix the 'quantum' variable usage in scsi_all.c that likely got broken when
someone staticized things in cam_xpt.c. (That particular problem would
cause Quantum Fireball ST drives to not get spun up if they were not
already spinning.)
Submitted by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
- Add new functions for device state stuff;
acpi_get_current_device_state() and acpi_set_device_state()
- Add new functions for power resource stuff;
acpi_powerres_init(), acpi_powerres_debug(),
acpi_get_current_powerres_state() and acpi_set_powerres_state()
These were implemented based on 7.1, 7.2, 7.2.2, 7.2.3, 7.2.4, 7.3,
7.3.3, 7.4, 7.4.1, 7.4.2, 7.4.3 and 7.5 of ACPI spec 1.0b.
- The "Osd*" stuff went away from acpi driver code, use the bus_space
functions directly instead.
- Fix minor English bugs.
acpi_registers_input -> acpi_register_input
acpi_registers_output -> acpi_register_output
- Remove all magic numbers for the sleeping states. We now have
#defines for these.
- NULL is treated the same as the return from aml_get_rootname in
aml_find_from_namespace().
Suggested by: msmith
Thanks mike!
object before falling back on privilege. Make vaccess() accept an
additional optional argument, privused, to determine whether
privilege was required for vaccess() to return 0. Add commented
out capability checks for reference. Rename some variables to make
it more clear which modes/uids/etc are associated with the object,
and which with the access mode.
o Update file system use of vaccess() to pass NULL as the optional
privused argument. Once additional patches are applied, suser()
will no longer set ASU, so privused will permit passing of
privilege information up the stack to the caller.
Reviewed by: bde, green, phk, -security, others
Obtained from: TrustedBSD Project
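
An added userland example (not the committed vaccess()) of checking the object's permission bits first and reporting through privused whether privilege had to be used. struct mcred, model_vaccess(), the M_* bits and the owner/group/other class selection are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Requested-access bits (assumed encoding, matching one rwx triplet). */
#define M_READ  4u
#define M_WRITE 2u
#define M_EXEC  1u

/* Hypothetical subject credential, not the kernel's struct ucred. */
struct mcred { unsigned uid, gid; };

/*
 * file_mode, file_uid and file_gid describe the object; acc_mode is the
 * access being requested. Returns 0 or EACCES. *privused, when supplied,
 * is set to 1 only if uid 0 was needed to grant the request.
 */
int model_vaccess(unsigned file_mode, unsigned file_uid, unsigned file_gid,
                  unsigned acc_mode, const struct mcred *cred, int *privused)
{
    unsigned dac_granted;

    if (privused != NULL)
        *privused = 0;
    /* Exactly one class applies: owner, else group, else other. */
    if (cred->uid == file_uid)
        dac_granted = (file_mode >> 6) & 7u;
    else if (cred->gid == file_gid)
        dac_granted = (file_mode >> 3) & 7u;
    else
        dac_granted = file_mode & 7u;
    if ((acc_mode & dac_granted) == acc_mode)
        return 0;               /* granted by mode bits, no privilege */
    if (cred->uid == 0) {       /* fall back on privilege and say so */
        if (privused != NULL)
            *privused = 1;
        return 0;
    }
    return EACCES;
}

int main(void)
{
    struct mcred root = { 0, 0 };
    int used;
    int rc = model_vaccess(0644, 1001, 100, M_WRITE, &root, &used);
    printf("root writes 0644 file: rc=%d privused=%d\n", rc, used);
    return 0;
}
```
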
the chgsbsize() call to use a "subject" pointer (&sb.sb_hiwat) and
a u_long target to set it to. The whole thing is splnet().
This fixes a problem that jdp has been able to provoke.
cookbook section about needing to copy GENERIC.hints to
/boot/device.hints, as well as a footnote about exceptions to this
rule.
Partially suggested by: obrien
When we use PC-Card as install media, it is a patch
to tell with beep about whether we were able to
recognize it well.
Reviewed by: jkh, imp
Tested by: Kenji Yamada <kyamada@ISI.EDU>
X field is treated the same as the unit number for acdX. The optional
Y parameter specifies the number of track devices to create starting at
track 1. If Y is not specified, it defaults to 100.
- Add the acd0t target to the all target to preserve previous behavior.
- Don't add the acd0t target to the fixit target, thus keeping the fixit
floppy from running out of i-nodes.
statistics as a side effect.
Submitted by: Marcin Cieslak <saper@system.pl>
with some tweaks to RAD_ACCT_SESSION_ID and
RAD_ACCT_MULTI_SESSION_ID generation by me.
using killall.c instead of the perl version that depends on procfs.
The C version uses sysctl(). The program is based on a hack that was
originally written about 6 years ago and has evolved somewhat since then.
(which is why it is a superset of killall.pl, rather than being a clone.)
With apologies to: wosch