d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
eff8154913
freebsd-dev/lib/libc
History
Kyle Evans 63619b6dba vfs: add restrictions to read(2) of a directory [2/2] 
This commit adds the priv(9) that waters down the sysctl to make it only
allow read(2) of a dirfd by the system root. Jailed root is not allowed, but
jail policy and superuser policy will abstain from allowing/denying it so
that a MAC module can fully control the policy.

Such a MAC module has been written, and can be found at:
https://people.freebsd.org/~kevans/mac_read_dir-0.1.0.tar.gz

It is expected that the MAC module won't be needed by many, as most only
need to do such diagnostics that require this behavior as system root
anyways. Interested parties are welcome to grab the MAC module above and
create a port or locally integrate it, and with enough support it could see
introduction to base. As noted in mac_read_dir.c, it is released under the
BSD 2 clause license and allows the restrictions to be lifted for only
jailed root or for all unprivileged users.

PR:		246412
Reviewed by:	mckusick, kib, emaste, jilles, cy, phk, imp (all previous)
Reviewed by:	rgrimes (latest version)
Differential Revision:	https://reviews.freebsd.org/D24596
2020-06-04 18:17:25 +00:00
..
aarch64 Fix initial exec TLS mode for dynamically loaded shared objects. 2019-03-29 17:52:57 +00:00
amd64 amd64: sync up libc memcmp with the kernel version (r357309) 2020-01-30 19:57:05 +00:00
arm arm/ffs.S: remove stale comment. 2019-12-28 02:11:41 +00:00
capability Replace dot-dot relative pathing with SRCTOP-relative paths where possible 2017-01-20 03:23:24 +00:00
compat-43 Adjust history, info source from v1's manuals 2019-09-04 13:44:46 +00:00
db Remove the SYMVER build option. 2020-04-30 22:08:40 +00:00
gdtoa Remove sparc64 specific parts of libc. 2020-02-26 18:55:09 +00:00
gen Implement Solaris-like link_map l_refname member. 2020-05-22 17:52:09 +00:00
gmon mcount: tidy up ANSIfication 2018-10-20 22:39:35 +00:00
i386 remove obsolete i386 MD memchr implementation 2019-09-25 16:49:22 +00:00
iconv Remove the SYMVER build option. 2020-04-30 22:08:40 +00:00
include Mark closefrom(2) COMPAT12, reimplement in libc to wrap close_range 2020-04-14 18:07:42 +00:00
inet libc: fix cases of undefined behavior. 2018-08-07 15:24:19 +00:00
isc SPDX: more ISC-related files. 2017-12-08 17:52:53 +00:00
locale Use proper mdoc(7) macros for literal text and do not use Tn 2020-04-01 09:01:35 +00:00
md Replace dot-dot relative pathing with SRCTOP-relative paths where possible 2017-01-20 03:23:24 +00:00
mips mips: fix some mcount nits 2019-09-02 01:55:55 +00:00
nameser Bounds check again after advancing cp, otherwise we have a possible 2019-09-05 19:35:30 +00:00
net libc: Shortcut if_indextoname() if index == 0 2020-04-23 21:16:51 +00:00
nls Fix race condition in catopen(3). 2020-03-19 06:33:06 +00:00
posix1e Remove the SYMVER build option. 2020-04-30 22:08:40 +00:00
powerpc [PowerPC] Fix typo in _ctx_start on ppc32 2019-11-23 23:41:21 +00:00
powerpc64 Fix r358688 -- Remember to actually save r3 before processing. 2020-03-11 23:34:44 +00:00
powerpcspe [PowerPC] Fix SPE floating point environment manipulation 2019-12-12 17:12:18 +00:00
quad Add casts and L suffixes to libc quad support, to work around various 2020-02-17 20:14:59 +00:00
regex lib/libc/regex: fix build with REDEBUG defined 2019-09-24 12:21:01 +00:00
resolv Rather than using the legacy IP struct fields in the union for the 2019-06-04 20:53:35 +00:00
riscv Check the magic value in longjmp() before calling sigprocmask(). 2020-04-21 17:40:23 +00:00
rpc Fix -Wvoid-pointer-to-enum-cast warnings. 2020-04-15 18:15:58 +00:00
secure Remove the SYMVER build option. 2020-04-30 22:08:40 +00:00
softfloat Add implementations for clog(3), clogf(3), and clog(3). 2018-05-13 09:54:34 +00:00
stdio Add HISTORY section to getc(3) 2020-04-10 09:37:20 +00:00
stdlib Fix a typo: argments -> arguments 2020-05-19 11:05:27 +00:00
stdtime strptime: make %k and %l specifiers match their description in 2018-11-03 23:37:13 +00:00
string strdup.3: Slightly canonicalize OOM return/error status 2020-05-05 17:57:04 +00:00
sys vfs: add restrictions to read(2) of a directory [2/2] 2020-06-04 18:17:25 +00:00
tests Provide O_SEARCH 2020-02-02 16:34:57 +00:00
uuid libc: further adoption of SPDX licensing ID tags. 2017-11-25 17:12:48 +00:00
x86 Remove resolver_qual from DEFINE_IFUNC/DEFINE_UIFUNC macros. 2019-05-16 22:20:54 +00:00
xdr typo: s/impelmentation/implementation/. 2020-02-07 15:14:29 +00:00
yp Increase the size of the send and receive buffers for YP client rpc 2019-09-16 06:42:01 +00:00
libc_nossp.ldscript Add different libc ldscript: the one without libssp -- 2016-10-12 13:19:21 +00:00
libc.ldscript
Makefile Remove sparc64 specific parts of libc. 2020-02-26 18:55:09 +00:00
Makefile.depend Update Makefile.depend files 2019-12-11 17:37:53 +00:00
Makefile.depend.options Update libssp paths in various Makefile.depend* files 2020-01-06 18:15:55 +00:00
Versions.def Create namespace for the symbols added during 13-CURRENT cycle. 2018-11-12 19:12:14 +00:00