mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2025-02-01 17:00:36 +00:00
Code Issues Releases Activity
freebsd/sys/kern
History
Robert Watson 8a7d8cc675 - Combine kern.ps_showallprocs and kern.ipc.showallsockets into 
a single kern.security.seeotheruids_permitted, describes as:
  "Unprivileged processes may see subjects/objects with different real uid"
  NOTE: kern.ps_showallprocs exists in -STABLE, and therefore there is
  an API change.  kern.ipc.showallsockets does not.
- Check kern.security.seeotheruids_permitted in cr_cansee().
- Replace visibility calls to socheckuid() with cr_cansee() (retain
  the change to socheckuid() in ipfw, where it is used for rule-matching).
- Remove prison_unpcb() and make use of cr_cansee() against the UNIX
  domain socket credential instead of comparing root vnodes for the
  UDS and the process.  This allows multiple jails to share the same
  chroot() and not see each others UNIX domain sockets.
- Remove unused socheckproc().

Now that cr_cansee() is used universally for socket visibility, a variety
of policies are more consistently enforced, including uid-based
restrictions and jail-based restrictions.  This also better-supports
the introduction of additional MAC models.

Reviewed by:	ps, billf
Obtained from:	TrustedBSD Project
2001-10-09 21:40:30 +00:00
..
bus_if.m
device_if.m
genassym.sh
imgact_aout.c
Make uio_yield() a global. Call uio_yield() between chunks
2001-09-26 06:54:32 +00:00
imgact_elf.c
Make uio_yield() a global. Call uio_yield() between chunks
2001-09-26 06:54:32 +00:00
imgact_gzip.c
imgact_shell.c
inflate.c
init_main.c
Don't initialize proc0's mutex twice. It is already done earlier on in the
2001-09-18 22:09:47 +00:00
init_sysent.c
o Part two of eaccess(2) commit, rebuilt system call code.
2001-09-21 21:34:06 +00:00
kern_acct.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
kern_acl.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
kern_cap.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
kern_clock.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
kern_condvar.c
Add missing ; in last commit
2001-09-19 02:53:59 +00:00
kern_conf.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
kern_descrip.c
When FREE()ing kqueue related structures, charge them to the correct bucket.
2001-09-30 17:00:56 +00:00
kern_environment.c
Add a pointer to kenv(1).
2001-09-21 02:25:53 +00:00
kern_event.c
Have EVFILT_TIMERS allocate their callouts via malloc() instead of using
2001-09-29 17:48:39 +00:00
kern_exec.c
proces -> process in a comment.
2001-10-09 17:25:30 +00:00
kern_exit.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
kern_fork.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
kern_idle.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
kern_intr.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
kern_jail.c
o Initialize per-jail securelevel from global securelevel as part of
2001-09-26 20:37:15 +00:00
kern_kthread.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
kern_ktr.c
kern_ktrace.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
kern_linker.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
kern_lock.c
Fix locking on td_flags for TDF_DEADLKTREAT. If the comments in the code
2001-09-13 22:33:37 +00:00
kern_lockf.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
kern_malloc.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
kern_mib.c
o Introduce an 'options REGRESSION'-dependant sysctl namespaces,
2001-10-07 03:51:22 +00:00
kern_module.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
kern_mutex.c
Remove superflous parens after de-macroizing.
2001-09-26 00:05:18 +00:00
kern_ntptime.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
kern_physio.c
kern_proc.c
- Combine kern.ps_showallprocs and kern.ipc.showallsockets into
2001-10-09 21:40:30 +00:00
kern_prot.c
- Combine kern.ps_showallprocs and kern.ipc.showallsockets into
2001-10-09 21:40:30 +00:00
kern_random.c
kern_resource.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
kern_sema.c
kern_shutdown.c
decrement the dumping variable after use so we can call it several times
2001-09-20 06:08:53 +00:00
kern_sig.c
Fix a typo in do_sigaction() where sa_sigaction and sa_handler were
2001-10-07 16:11:37 +00:00
kern_subr.c
Make uio_yield() a global. Call uio_yield() between chunks
2001-09-26 06:54:32 +00:00
kern_switch.c
Change p into ke->ke_proc, this was hidden behind INVARIANTS.
2001-09-18 03:36:21 +00:00
kern_sx.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
kern_synch.c
GC some #if 0'd code.
2001-09-21 19:21:18 +00:00
kern_syscalls.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
kern_sysctl.c
o Modify sysctl access control check to use securelevel_gt(), and
2001-09-26 19:51:25 +00:00
kern_tc.c
kern_time.c
o Modify static settime() to accept the proc * for the process requesting
2001-09-26 19:53:57 +00:00
kern_timeout.c
kern_xxx.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
ksched.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
link_aout.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
link_elf_obj.c
The ia64 kernel is now linked dynamically so parse its _DYNAMIC structure.
2001-09-15 11:02:10 +00:00
link_elf.c
The ia64 kernel is now linked dynamically so parse its _DYNAMIC structure.
2001-09-15 11:02:10 +00:00
linker_if.m
Make.tags.inc
Makefile
makeobjops.pl
makesyscalls.sh
Fix breakage caused by previous commit. The lkmnosys and lkmressys
2001-10-07 00:16:31 +00:00
md4c.c
md5c.c
p1003_1b.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
posix4_mib.c
subr_acl_posix1e.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
subr_autoconf.c
subr_blist.c
subr_bus.c
subr_clist.c
subr_devstat.c
subr_disk.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
subr_disklabel.c
subr_diskmbr.c
subr_diskslice.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
subr_eventhandler.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
subr_hints.c
Fix a fatal type mismatch (char *static_env; vs char static_env[]).
2001-09-17 21:27:41 +00:00
subr_kobj.c
subr_log.c
Use the passed in thread to selrecord() instead of curthread.
2001-09-21 22:46:54 +00:00
subr_mbuf.c
Re-enable mbtypes statistics in the mbuf allocator. I disabled these
2001-09-30 01:58:39 +00:00
subr_mchain.c
subr_module.c
subr_param.c
subr_pcpu.c
subr_prf.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
subr_prof.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
subr_rman.c
subr_sbuf.c
Add a couple of API functions I need for my pseudofs WIP. Documentation
2001-09-29 00:32:46 +00:00
subr_scanf.c
subr_smp.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
subr_taskqueue.c
subr_trap.c
Remove a bogus comment. "atomic" doesn't mean that the operation is done
2001-09-21 19:26:57 +00:00
subr_turnstile.c
Remove superflous parens after de-macroizing.
2001-09-26 00:05:18 +00:00
subr_witness.c
Replace 'curproc' with 'td->td_proc'.
2001-10-08 21:05:46 +00:00
subr_xxx.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
sys_generic.c
The P_SELECT flag was moved from p->p_flag to td->td_flags, but p_flag
2001-09-21 22:06:22 +00:00
sys_pipe.c
Use the passed in thread to selrecord() instead of curthread.
2001-09-21 22:46:54 +00:00
sys_process.c
Dissociate ptrace from procfs.
2001-10-07 20:08:42 +00:00
sys_socket.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
syscalls.c
o Part two of eaccess(2) commit, rebuilt system call code.
2001-09-21 21:34:06 +00:00
syscalls.master
o Introduce eaccess(2), a version of access(2) that uses the effective
2001-09-21 21:33:22 +00:00
sysv_ipc.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
sysv_msg.c
Make msgseg, msgssz (->msgmax) and msgmni TUNABLE.
2001-09-21 09:25:17 +00:00
sysv_sem.c
PR: kern/29698 (part)
2001-09-13 21:06:41 +00:00
sysv_shm.c
PR: kern/29698 (part)
2001-09-13 20:20:09 +00:00
tty_compat.c
tty_conf.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
tty_cons.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
tty_pty.c
Use the passed in thread pointer instead of curthread in calls to
2001-09-21 22:22:25 +00:00
tty_subr.c
tty_tty.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
tty.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
uipc_accf.c
uipc_domain.c
uipc_mbuf2.c
uipc_mbuf.c
uipc_proto.c
uipc_sockbuf.c
Allow sbcreatecontrol to make cluster sized control messages.
2001-10-04 12:59:53 +00:00
uipc_socket2.c
Allow sbcreatecontrol to make cluster sized control messages.
2001-10-04 12:59:53 +00:00
uipc_socket.c
- Combine kern.ps_showallprocs and kern.ipc.showallsockets into
2001-10-09 21:40:30 +00:00
uipc_syscalls.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
uipc_usrreq.c
- Combine kern.ps_showallprocs and kern.ipc.showallsockets into
2001-10-09 21:40:30 +00:00
vfs_acl.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
vfs_aio.c
The aio kthreads start off with a root credential just like all other
2001-10-05 17:55:11 +00:00
vfs_bio.c
Enable vmiodirenable by default. Remove incorrect comment from sysctl.conf.
2001-09-26 19:35:04 +00:00
vfs_cache.c
After extensive testing it has been determined that adding complexity
2001-10-01 04:33:35 +00:00
vfs_cluster.c
vfs_conf.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
vfs_default.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
vfs_export.c
vfs_extattr.c
o Complete the migration from suser error checking in the following form
2001-10-01 20:01:07 +00:00
vfs_init.c
vfs_lookup.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
vfs_mount.c
KSE Milestone 2
2001-09-12 08:38:13 +00:00
vfs_subr.c
WS Cleanup
2001-10-08 19:51:13 +00:00
vfs_syscalls.c
o Complete the migration from suser error checking in the following form
2001-10-01 20:01:07 +00:00
vfs_vnops.c
Make uio_yield() a global. Call uio_yield() between chunks
2001-09-26 06:54:32 +00:00
vnode_if.pl
KSE Milestone 2
2001-09-12 08:38:13 +00:00
vnode_if.src
KSE Milestone 2
2001-09-12 08:38:13 +00:00