d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
0489082737
freebsd-dev/sys
History
Robert Watson 0489082737 o Disable two "allow this" exceptions in p_cansched()m retricting the 
ability of unprivileged processes to modify the scheduling properties
  of daemons temporarily taking on unprivileged effective credentials.
  These cases (p1->p_cred->p_ruid == p2->p_ucred->cr_uid) and
  (p1->p_ucred->cr_uid == p2->p_ucred->cr_uid), respectively permitting
  a subject process to influence the scheduling of a daemon if the subject
  process has the same real uid or effective uid as the daemon's effective
  uid.  This removes a number of the warning cases identified by the
  proc_to_proc iner-process authorization regression test.
o As these are new restrictions, we'll have to watch out carefully for
  possible side effects on running code: they seem reasonable to me,
  but it's possible this change might have to be backed out if problems
  are experienced.

Reported by:	src/tools/regression/security/proc_to_proc/testuid
Obtained from:	TrustedBSD Project
2001-04-12 22:46:07 +00:00
..
alpha Rename the IPI API from smp_ipi_* to ipi_* since the smp_ prefix is just 2001-04-11 17:06:02 +00:00
amd64 Rename the IPI API from smp_ipi_* to ipi_* since the smp_ prefix is just 2001-04-11 17:06:02 +00:00
arm/include Correct disordering which is corresponding to bde's fix to 2001-02-17 14:51:11 +00:00
boot no longer needed now that we are able to build cdboot from sources again 2001-04-08 00:01:54 +00:00
cam If we have and error and are booting verbosely, don't be complaining 2001-04-04 18:24:35 +00:00
coda Send the remains (such as I have located) of "block major numbers" to 2001-03-26 12:41:29 +00:00
compat Add linux_sched_get_priority_max() and linux_sched_get_priority_min(): The 2001-04-01 06:37:40 +00:00
compile
conf Merged from options.i386 revision 1.147. 2001-04-12 12:28:42 +00:00
contrib/dev Send the remains (such as I have located) of "block major numbers" to 2001-03-26 12:41:29 +00:00
crypto Kernel crypto need binary key material, not symbolic ascii. 2001-03-10 13:02:58 +00:00
ddb Catch up to header include changes: 2001-03-28 09:17:56 +00:00
dev Regen. 2001-04-12 11:08:59 +00:00
fs Import kernel part of SMB/CIFS requester. 2001-04-10 07:59:06 +00:00
geom fix a number of printf format string warnings inside DEBUG ifdefs 2001-03-29 15:05:08 +00:00
gnu Fixes to track snapshot copy-on-write checking in the specinfo 2001-03-07 07:09:55 +00:00
i4b Send the remains (such as I have located) of "block major numbers" to 2001-03-26 12:41:29 +00:00
i386 o Introduce "options REGRESSION", a kernel option which enables 2001-04-11 19:29:24 +00:00
ia64 Rename the IPI API from smp_ipi_* to ipi_* since the smp_ prefix is just 2001-04-11 17:06:02 +00:00
isa Catch up to header include changes: 2001-03-28 09:17:56 +00:00
isofs/cd9660 Add missed MODULE_VERSION() call, so loading of unicode conversion routine 2001-03-11 15:28:42 +00:00
kern o Disable two "allow this" exceptions in p_cansched()m retricting the 2001-04-12 22:46:07 +00:00
libkern Add function prototypes and base module for kernel side iconv library. 2001-04-09 09:39:29 +00:00
miscfs - Various style fixes. 2001-03-29 18:10:46 +00:00
modules We now depend on miibus_if.h. 2001-04-09 21:34:52 +00:00
msdosfs Grab the process lock while calling psignal and before calling psignal. 2001-03-07 03:37:06 +00:00
net Move the decision whether we want to request authentication from our 2001-04-08 20:29:09 +00:00
netatalk Mechanical change to use <sys/queue.h> macro API instead of 2001-02-04 13:13:25 +00:00
netatm Silence some warnings 2001-03-20 10:42:49 +00:00
netgraph Don't reference a node after we dropped a reference to it 2001-04-11 22:04:47 +00:00
netinet fix security hole created by fragment cache 2001-04-06 15:52:28 +00:00
netinet6 - correct logic of per-address input packet counts for lo0 2001-04-05 19:45:02 +00:00
netipx Another round of the <sys/queue.h> FOREACH transmogriffer. 2001-02-04 16:08:18 +00:00
netkey fixed possibility of panic at key_acquire(). 2001-01-14 17:25:08 +00:00
netnatm Change a couple of M_WAITOKs used in M_PREPEND() to M_TRYWAITs, which 2001-04-05 04:20:48 +00:00
netncp Move bindery authentication ncps to ncp_ncp.c file. ncp_login.c will stay 2001-03-22 10:38:16 +00:00
netns * Rename M_WAIT mbuf subsystem flag to M_TRYWAIT. 2000-12-21 21:44:31 +00:00
netsmb Pull constants from netsmb/smb.h. 2001-04-11 21:35:51 +00:00
nfs Create debug.hashstat.[raw]nchash and debug.hashstat.[raw]nfsnode to 2001-04-11 00:39:20 +00:00
nfsclient Create debug.hashstat.[raw]nchash and debug.hashstat.[raw]nfsnode to 2001-04-11 00:39:20 +00:00
nfsserver Use a generic implementation of the Fowler/Noll/Vo hash (FNV hash). 2001-03-17 09:31:06 +00:00
ntfs Reviewed by: jlemon 2001-03-01 21:00:17 +00:00
nwfs Add dependancy on libmchain module. 2001-03-22 06:51:53 +00:00
pc98 Correct typo. 2001-04-01 07:15:16 +00:00
pccard Fix minor typo in comment. 112x -> 12xx 2001-04-11 22:49:00 +00:00
pci Fix minor typo in comment. 112x -> 12xx 2001-04-11 22:49:00 +00:00
posix4 Lock need_resched with sched_lock. 2001-02-22 13:46:09 +00:00
powerpc Rework the witness code to work with sx locks as well as mutexes. 2001-03-28 09:03:24 +00:00
rpc Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and 2001-03-19 12:50:13 +00:00
svr4
sys o Replace p_cankill() with p_cansignal(), remove wrappage of p_can() 2001-04-12 02:38:08 +00:00
tools replace calls to non-existant bail() subroutine with calls to 2001-03-23 11:48:50 +00:00
ufs Directory layout preference improvements from Grigoriy Orlov <gluk@ptci.ru>. 2001-04-10 08:38:59 +00:00
vm remove truncated part from commment 2001-04-12 21:50:03 +00:00
Makefile