1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-05 09:14:03 +00:00
freebsd/sys/kern
Robert Watson 0ef5652e27 o Introduce new kern.security sysctl tree for kernel security policy
MIB entries.
o Relocate kern.suser_permitted to kern.security.suser_permitted.
o Introduce new kern.security.unprivileged_procdebug_permitted, which
  (when set to 0) prevents processes without privilege from performing
  a variety of inter-process debugging activities.  The default is 1,
  to provide current behavior.

  This feature allows "hardened" systems to disable access to debugging
  facilities, which have been associated with a number of past security
  vulnerabilities.  Previously, while procfs could be unmounted, other
  in-kernel facilities (such as ptrace()) were still available.  This
  setting should not be modified on normal development systems, as it
  will result in frustration.  Some utilities respond poorly to
  failing to get the debugging access they require, and error response
  by these utilities may be improved in the future in the name of
  beautification.

  Note that there are currently some odd interactions with some
  facilities, which will need to be resolved before this should be used
  in production, including odd interactions with truss and ktrace.
  Note also that currently, tracing is permitted on the current process
  regardless of this flag, for compatibility with previous
  authorization code in various facilities, but that will probably
  change (and resolve the odd interactions).

Obtained from:	TrustedBSD Project
2001-07-31 15:48:21 +00:00
..
bus_if.m
device_if.m
genassym.sh Improve kernel bootstrapping: 2001-01-28 06:39:56 +00:00
imgact_aout.c With Alfred's permission, remove vm_mtx in favor of a fine-grained approach 2001-07-04 16:20:28 +00:00
imgact_elf.c With Alfred's permission, remove vm_mtx in favor of a fine-grained approach 2001-07-04 16:20:28 +00:00
imgact_gzip.c Undo part of the tangle of having sys/lock.h and sys/mutex.h included in 2001-05-01 08:13:21 +00:00
imgact_shell.c
inflate.c
init_main.c With Alfred's permission, remove vm_mtx in favor of a fine-grained approach 2001-07-04 16:20:28 +00:00
init_sysent.c Regen syscalls that were made mpsafe via vm_mtx 2001-05-19 01:37:12 +00:00
kern_acct.c o Merge contents of struct pcred into struct ucred. Specifically, add the 2001-05-25 16:59:11 +00:00
kern_acl.c o As part of the move to not maintaining copies of the vnode owning uid 2001-04-29 19:53:50 +00:00
kern_cap.c
kern_clock.c Remove unneeded includes of sys/ipl.h and machine/ipl.h. 2001-05-15 23:22:29 +00:00
kern_condvar.c Backout mwakeup, etc. 2001-07-06 01:16:43 +00:00
kern_conf.c Create a general facility for making dev_t's depend on another 2001-05-26 08:27:58 +00:00
kern_descrip.c o Merge contents of struct pcred into struct ucred. Specifically, add the 2001-05-25 16:59:11 +00:00
kern_environment.c Fix some warnings in kern_environment.c. Make the getenv*() family 2001-06-15 07:29:17 +00:00
kern_event.c Introduce EVFILT_TIMER, which allows a process to establish an 2001-07-19 18:34:40 +00:00
kern_exec.c Correct spelling in a comment and remove trailing newline from a 2001-07-11 02:04:43 +00:00
kern_exit.c As per further discussions on hackers redo the SIGCHLD patch to not generate 2001-07-22 18:47:31 +00:00
kern_fork.c Get rid of useless bcopy (the next statement was equivalent) 2001-07-09 19:00:08 +00:00
kern_idle.c - Split out the support for per-CPU data from the SMP code. UP kernels 2001-05-10 17:45:49 +00:00
kern_intr.c Make the schedlock saved critical section state a per-thread property. 2001-06-30 03:11:26 +00:00
kern_jail.c o Move per-process jail pointer (p->pr_prison) to inside of the subject 2001-02-21 06:39:57 +00:00
kern_kthread.c Don't use kp->arg0 as a format string, grr. 2001-07-19 02:18:54 +00:00
kern_ktr.c - Replace the unused KTR_IDLELOOP trace class with a new KTR_WITNESS trace 2001-06-25 23:09:31 +00:00
kern_ktrace.c o Replace calls to p_can(..., P_CAN_xxx) with calls to p_canxxx(). 2001-07-05 17:10:46 +00:00
kern_linker.c Don't try to print a field that doesn't exist; in usually commented 2001-07-31 03:51:07 +00:00
kern_lock.c Instead of asserting that a mutex is not still locked after unlocking it, 2001-04-28 12:11:01 +00:00
kern_lockf.c Undo part of the tangle of having sys/lock.h and sys/mutex.h included in 2001-05-01 08:13:21 +00:00
kern_malloc.c Introduce numerous SMP friendly changes to the mbuf allocator. Namely, 2001-06-22 06:35:32 +00:00
kern_mib.c Fix cut/paste blunder. Serves me right for doing a last minute tweak 2001-07-27 15:52:49 +00:00
kern_module.c Mechanical change to use <sys/queue.h> macro API instead of 2001-02-04 13:13:25 +00:00
kern_mutex.c Count the context switch when blocking on a mutex as a voluntary context 2001-06-25 18:29:32 +00:00
kern_ntptime.c Update to the 2001-04-02 version of the nanokernel code from Dave Mills. 2001-04-16 13:05:05 +00:00
kern_physio.c
kern_proc.c o Replace calls to p_can(..., P_CAN_xxx) with calls to p_canxxx(). 2001-07-05 17:10:46 +00:00
kern_prot.c o Introduce new kern.security sysctl tree for kernel security policy 2001-07-31 15:48:21 +00:00
kern_random.c
kern_resource.c add prototype for dosetrlimit 2001-07-22 00:21:19 +00:00
kern_shutdown.c - Sort includes. 2001-06-25 18:30:42 +00:00
kern_sig.c As per further discussions on hackers redo the SIGCHLD patch to not generate 2001-07-22 18:47:31 +00:00
kern_subr.c Remove spl's in uio_yield() that are covered by the sched_lock. 2001-07-03 15:58:37 +00:00
kern_switch.c Spelling fix in a KASSERT: runq_chose -> runq_choose. 2001-07-04 20:00:48 +00:00
kern_sx.c - Add trylock variants of shared and exclusive locks. 2001-06-27 06:39:37 +00:00
kern_synch.c Backout mwakeup, etc. 2001-07-06 01:16:43 +00:00
kern_syscalls.c
kern_sysctl.c Make dynamic sysctl entries start at 0x100, not decimal 100 - there are 2001-07-25 17:21:18 +00:00
kern_tc.c
kern_time.c Undo part of the tangle of having sys/lock.h and sys/mutex.h included in 2001-05-01 08:13:21 +00:00
kern_timeout.c Catch up to header include changes: 2001-03-28 09:17:56 +00:00
kern_xxx.c This is kind of a hack, but it should work. Currently, world is broken 2001-03-24 04:40:49 +00:00
ksched.c Undo part of the tangle of having sys/lock.h and sys/mutex.h included in 2001-05-01 08:13:21 +00:00
link_aout.c With this commit, I hereby pronounce gensetdefs past its use-by date. 2001-06-13 10:58:39 +00:00
link_elf_obj.c Use a machine dependent type, Elf_Hashelt, for the elements of the elf 2001-07-31 03:46:39 +00:00
link_elf.c Use a machine dependent type, Elf_Hashelt, for the elements of the elf 2001-07-31 03:46:39 +00:00
linker_if.m With this commit, I hereby pronounce gensetdefs past its use-by date. 2001-06-13 10:58:39 +00:00
Make.tags.inc Remove vestiges of MFS. 2001-06-01 10:07:28 +00:00
Makefile Remove vestiges of MFS. 2001-06-01 10:07:28 +00:00
makeobjops.pl revert previous commit (bad style and not needed) 2001-07-22 10:24:31 +00:00
makesyscalls.sh
md4c.c Import kernel part of SMB/CIFS requester. 2001-04-10 07:59:06 +00:00
md5c.c
p1003_1b.c o Replace calls to p_can(..., P_CAN_xxx) with calls to p_canxxx(). 2001-07-05 17:10:46 +00:00
posix4_mib.c
subr_acl_posix1e.c o As part of the move to not maintaining copies of the vnode owning uid 2001-04-29 19:53:50 +00:00
subr_autoconf.c
subr_blist.c With Alfred's permission, remove vm_mtx in favor of a fine-grained approach 2001-07-04 16:20:28 +00:00
subr_bus.c Move the hints gunk to a seperate file. It isn't really part of the 2001-07-14 08:25:18 +00:00
subr_clist.c Make cblock_alloc_cblocks() spell its own name 2001-03-27 10:21:26 +00:00
subr_devstat.c Another round of the <sys/queue.h> FOREACH transmogriffer. 2001-02-04 16:08:18 +00:00
subr_disk.c Remove the hack-around for the slice/label code, it didn't 2001-05-29 18:19:57 +00:00
subr_disklabel.c Create a general facility for making dev_t's depend on another 2001-05-26 08:27:58 +00:00
subr_diskmbr.c Create a general facility for making dev_t's depend on another 2001-05-26 08:27:58 +00:00
subr_diskslice.c Create a general facility for making dev_t's depend on another 2001-05-26 08:27:58 +00:00
subr_eventhandler.c Don't try to find an eventhandler list if the list of lists hasn't 2001-07-31 03:52:16 +00:00
subr_hints.c Go back to having either static OR dynamic hints, with fallback 2001-07-14 00:23:10 +00:00
subr_kobj.c
subr_log.c syslogd gets kernel log messages only once every 30 seconds or 2001-05-23 19:02:50 +00:00
subr_mbuf.c Use the tunable maxusers rather than the compile-time one. Evaluate and 2001-07-26 23:08:31 +00:00
subr_mchain.c Remove superfluous m_pkthdr.rcv_if = NULL assignment following 2001-02-25 06:33:50 +00:00
subr_module.c Preceed/preceeding are not english words. Use precede and preceding. 2001-02-18 10:43:53 +00:00
subr_param.c Move param.c out of the conf directory and make it fully dynamic. 2001-07-26 23:04:03 +00:00
subr_pcpu.c - Split out the support for per-CPU data from the SMP code. UP kernels 2001-05-10 17:45:49 +00:00
subr_prf.c Make the code to read the kernel message buffer via sysctl machine- 2001-07-03 19:44:07 +00:00
subr_prof.c We don't need to hold a lock just to test a flag. 2001-06-06 22:05:48 +00:00
subr_rman.c Handle NULL struct device *s 2001-05-28 01:00:03 +00:00
subr_sbuf.c Constify the format string. 2001-07-03 21:46:43 +00:00
subr_scanf.c
subr_smp.c - Split out the support for per-CPU data from the SMP code. UP kernels 2001-05-10 17:45:49 +00:00
subr_taskqueue.c remove include of ipl.h because it no longer exists 2001-05-16 02:52:06 +00:00
subr_trap.c postsig() currently requires Giant to be held. Giant is held properly at 2001-07-04 15:36:30 +00:00
subr_turnstile.c Count the context switch when blocking on a mutex as a voluntary context 2001-06-25 18:29:32 +00:00
subr_witness.c Add a missing ~ so that the LO_INITIALIZED flag actually gets turned off 2001-07-20 23:29:25 +00:00
subr_xxx.c Extend kqueue down to the device layer. 2001-02-15 16:34:11 +00:00
sys_generic.c Back out scanning file descriptors with holding a process lock. 2001-05-15 10:19:57 +00:00
sys_pipe.c cleanup: GIANT macros, rename DEPRECIATE to DEPRECATE 2001-07-04 17:11:03 +00:00
sys_process.c o Replace calls to p_can(..., P_CAN_xxx) with calls to p_canxxx(). 2001-07-05 17:10:46 +00:00
sys_socket.c Don't bother passing p to rtioctl just so it can fail to pass it to mrt_ioctl 2001-07-25 20:15:28 +00:00
syscalls.c Regen syscalls that were made mpsafe via vm_mtx 2001-05-19 01:37:12 +00:00
syscalls.master Remove a comment which was past its shelf life. 2001-05-29 09:22:22 +00:00
sysv_ipc.c
sysv_msg.c Fix obsolete code. 2001-07-30 19:28:02 +00:00
sysv_sem.c Export via sysctl: 2001-05-30 03:28:59 +00:00
sysv_shm.c With Alfred's permission, remove vm_mtx in favor of a fine-grained approach 2001-07-04 16:20:28 +00:00
tty_compat.c
tty_conf.c Unstaticize l_nullioctl; it is needed elsewhere (like in tty_snoop.c). 2001-06-04 23:30:47 +00:00
tty_cons.c With this commit, I hereby pronounce gensetdefs past its use-by date. 2001-06-13 10:58:39 +00:00
tty_pty.c Don't remove the SI_CHEAPCLONE for unsupported minors 2001-06-18 09:22:30 +00:00
tty_subr.c Make cblock_alloc_cblocks() spell its own name 2001-03-27 10:21:26 +00:00
tty_tty.c Support /dev/ctty again 2001-05-15 18:12:38 +00:00
tty.c Unifdef DEV_SNP; snp(4) no longer requires these ugly hacks. 2001-05-22 22:16:18 +00:00
uipc_accf.c Revert the last bits of my bogus move of NMBCLUSTERS 2001-06-01 21:47:34 +00:00
uipc_domain.c Sync with recent KAME. 2001-06-11 12:39:29 +00:00
uipc_mbuf2.c Sync with recent KAME. 2001-06-11 12:39:29 +00:00
uipc_mbuf.c Introduce numerous SMP friendly changes to the mbuf allocator. Namely, 2001-06-22 06:35:32 +00:00
uipc_proto.c
uipc_sockbuf.c Fix up indentation. 2001-06-29 04:01:38 +00:00
uipc_socket2.c Fix up indentation. 2001-06-29 04:01:38 +00:00
uipc_socket.c Undo part of the tangle of having sys/lock.h and sys/mutex.h included in 2001-05-01 08:13:21 +00:00
uipc_syscalls.c With Alfred's permission, remove vm_mtx in favor of a fine-grained approach 2001-07-04 16:20:28 +00:00
uipc_usrreq.c o Merge contents of struct pcred into struct ucred. Specifically, add the 2001-05-25 16:59:11 +00:00
vfs_acl.c o As part of the move to not maintaining copies of the vnode owning uid 2001-04-29 19:53:50 +00:00
vfs_aio.c Check validity of signal callback requested via aio routines. 2001-04-18 22:18:39 +00:00
vfs_bio.c Revert previous accidental commit. FWIW, it was part of enabling 2001-07-27 15:57:17 +00:00
vfs_cache.c Undo part of the tangle of having sys/lock.h and sys/mutex.h included in 2001-05-01 08:13:21 +00:00
vfs_cluster.c With Alfred's permission, remove vm_mtx in favor of a fine-grained approach 2001-07-04 16:20:28 +00:00
vfs_conf.c Undo part of the tangle of having sys/lock.h and sys/mutex.h included in 2001-05-01 08:13:21 +00:00
vfs_default.c With Alfred's permission, remove vm_mtx in favor of a fine-grained approach 2001-07-04 16:20:28 +00:00
vfs_export.c Since the netexport struct was centralised to 'struct mount', 2001-05-29 17:46:52 +00:00
vfs_extattr.c Constify the fstype argument to vfs_mount(). This eliminates at least one 2001-07-09 19:11:51 +00:00
vfs_init.c Revert consequences of changes to mount.h, part 2. 2001-04-29 02:45:39 +00:00
vfs_lookup.c After exhaustive discussions and some meandering and confusion, enough 2001-06-24 05:24:41 +00:00
vfs_mount.c Undo part of the tangle of having sys/lock.h and sys/mutex.h included in 2001-05-01 08:13:21 +00:00
vfs_subr.c Revert previous accidental commit. FWIW, it was part of enabling 2001-07-27 15:57:17 +00:00
vfs_syscalls.c Constify the fstype argument to vfs_mount(). This eliminates at least one 2001-07-09 19:11:51 +00:00
vfs_vnops.c This patch implements O_DIRECT about 80% of the way. It takes a patchset 2001-05-24 07:22:27 +00:00
vnode_if.pl replace calls to non-existant bail() subroutine with calls to 2001-03-23 11:48:50 +00:00
vnode_if.src correct description of `vpp' for mknod/symlink: they are actually 2001-07-24 16:16:00 +00:00