the build (oops!): replace calls to p_trespass() and PRISON_CHECK()
with p_can(..., {P_CAN_SEE, P_CAN_DEBUG}, NULL)
o Remove volatile usage from procfs_readdir() to remove warnings
o Apply bp's CREATE fix to linprocfs, causing EROFS to be returned on
CREATE calls to procfs_lookup()
o Some further synchronization still needs to occur: only existing
access checks were replaced, to fix the build--the new ones were not
added. I'll do this later today, this is a "fix the build quickly"
commit. This means that, in the interim, some information leakage
can still occur via linprocfs when using jail or kern.ps_showallprocs
Submitted by: knu
Approved by: des
Obtained from: TrustedBSD Project
not when ${firewall_type} is set to a filename, as we know
nothing about user's script specifics.
Reported by: Bernhard Valenti <bernhard.valenti@gmx.net>
- New support for 40LD firmware found in Series 475 and 471 adapters.
- Better support for 8LD firmware adapters
- Ioctl passthrough interface for userland utilities.
- Improved error handling and queueing.
- Several bugfixes (including the 'still open' shutdown bug and
closing some small race conditions).
- Zone-style command allocator, reducing memory wasted under heavy
load conditions.
- CAM interface (disabled and not fully working) for SCSI passthrough
access to non-disk devices
Thanks to AMI for supplying a pile of new adapters and various other
help in making this happen.
shouldn't be built by default. pcic and pccard are going to go
through some changes and I'll not be testing them on the alpha so I
don't want to break them for the FreeBSD/alpha folks.
int p_can(p1, p2, operation, privused)
which allows specification of subject process, object process,
inter-process operation, and an optional call-by-reference privused
flag, allowing the caller to determine if privilege was required
for the call to succeed. This allows jail, kern.ps_showallprocs and
regular credential-based interaction checks to occur in one block of
code. Possible operations are P_CAN_SEE, P_CAN_SCHED, P_CAN_KILL,
and P_CAN_DEBUG. p_can currently breaks out as a wrapper to a
series of static function checks in kern_prot, which should not
be invoked directly.
o Commented out capabilities entries are included for some checks.
o Update most inter-process authorization to make use of p_can() instead
of manual checks, PRISON_CHECK(), P_TRESPASS(), and
kern.ps_showallprocs.
o Modify suser{,_xxx} to use const arguments, as it no longer modifies
process flags due to the disabling of ASU.
o Modify some checks/errors in procfs so that ENOENT is returned instead
of ESRCH, further improving concealment of processes that should not
be visible to other processes. Also introduce new access checks to
improve hiding of processes for procfs_lookup(), procfs_getattr(),
procfs_readdir(). Correct a bug reported by bp concerning not
handling the CREATE case in procfs_lookup(). Remove volatile flag in
procfs that caused apparently spurious qualifier warnings (approved by
bde).
o Add comment noting that ktrace() has not been updated, as its access
control checks are different from ptrace(), whereas they should
probably be the same. Further discussion should happen on this topic.
Reviewed by: bde, green, phk, freebsd-security, others
Approved by: bde
Obtained from: TrustedBSD Project
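An added illustration, not part of the commit message and not FreeBSD kernel source: a simplified userland model of the single-entry-point check with the privused out-parameter, plus the procfs mapping of a denied lookup to ENOENT. The struct fields, the uid-equality policy, the helper functions and the *_model names are assumptions made for the example.

```c
#include <errno.h>
#include <stddef.h>
/* Simplified userland model; fields and policy are assumptions, not kernel code. */
enum { P_CAN_SEE, P_CAN_SCHED, P_CAN_KILL, P_CAN_DEBUG };
struct proc_model { unsigned uid; int jail_id; /* jail_id 0 = not jailed */ };
static int ps_showallprocs = 1;   /* stands in for kern.ps_showallprocs */

/* Privilege fallback: uid 0 passes and records that privilege was needed. */
static int need_priv(const struct proc_model *p1, int *privused, int error)
{
    if (p1->uid != 0)
        return error;
    if (privused != NULL) *privused = 1;
    return 0;
}

/* Visibility: jail boundary first, then the ps_showallprocs policy. */
static int can_see(const struct proc_model *p1, const struct proc_model *p2, int *privused)
{
    if (p1->jail_id != 0 && p1->jail_id != p2->jail_id)
        return ESRCH;             /* jailed subject, object outside its jail */
    if (!ps_showallprocs && p1->uid != p2->uid)
        return need_priv(p1, privused, ESRCH);
    return 0;
}

/* Acting on a process requires seeing it first, then matching credentials. */
static int can_act(const struct proc_model *p1, const struct proc_model *p2, int *privused)
{
    int error = can_see(p1, p2, privused);
    if (error == 0 && p1->uid != p2->uid)
        error = need_priv(p1, privused, EPERM);
    return error;
}

/* Single entry point: callers never invoke the static checks directly. */
int p_can_model(const struct proc_model *p1, const struct proc_model *p2, int operation, int *privused)
{
    if (privused != NULL) *privused = 0;
    switch (operation) {
    case P_CAN_SEE: return can_see(p1, p2, privused);
    case P_CAN_SCHED: case P_CAN_KILL: case P_CAN_DEBUG: return can_act(p1, p2, privused);
    default: return EINVAL;
    }
}

/* procfs-style lookup: a hidden pid is reported exactly like a missing one. */
int procfs_lookup_model(const struct proc_model *p1, const struct proc_model *p2)
{
    return p_can_model(p1, p2, P_CAN_SEE, NULL) != 0 ? ENOENT : 0;
}
```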
time being, the ASU accounting flag will no longer be available, but
may be reinstituted in the future once authorization has been redone.
As it is, the kernel went through contortions in access control to
avoid calling suser, which always set the flag. This will also allow
suser to accept const struct *{cred, proc} arguments.
Reviewed by: bde, green, phk, freebsd-security, others
Approved by: bde
Obtained from: TrustedBSD Project
also mention the peripheral name, bus, target and lun of the device we
attempted to put in that slot. This gives the user a little more
information about what is going on.
Tested by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
Discussed with: gibbs
for the Quantum "MAVERICK 540S" and "LPS525S".
Also, add common string variables, since we seem to have a few Quantum and
Micropolis drives in here.
Fix the 'quantum' variable usage in scsi_all.c that likely got broken when
someone staticized things in cam_xpt.c. (That particular problem would
cause Quantum Fireball ST drives to not get spun up if they were not
already spinning.)
Submitted by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
- Add new functions for device state stuff;
acpi_get_current_device_state() and acpi_set_device_state()
- Add new functions for power resource stuff;
acpi_powerres_init(), acpi_powerres_debug(),
acpi_get_current_powerres_state() and acpi_set_powerres_state()
These were implemented based on 7.1, 7.2, 7.2.2, 7.2.3, 7.2.4, 7.3,
7.3.3, 7.4, 7.4.1, 7.4.2, 7.4.3 and 7.5 of ACPI spec 1.0b.
- The "Osd*" stuff went away from acpi driver code, use the bus_space
functions directly instead.
- Fix minor English bugs.
acpi_registers_input -> acpi_register_input
acpi_registers_output -> acpi_register_output
- Remove all magic numbers for the sleeping states. We now have
#defines for these.
- NULL is treated the same as the return from aml_get_rootname in
aml_find_from_namespace().
Suggested by: msmith
Thanks mike!
object before falling back on privilege. Make vaccess() accept an
additional optional argument, privused, to determine whether
privilege was required for vaccess() to return 0. Add commented
out capability checks for reference. Rename some variables to make
it more clear which modes/uids/etc are associated with the object,
and which with the access mode.
o Update file system use of vaccess() to pass NULL as the optional
privused argument. Once additional patches are applied, suser()
will no longer set ASU, so privused will permit passing of
privilege information up the stack to the caller.
Reviewed by: bde, green, phk, -security, others
Obtained from: TrustedBSD Project
the chgsbsize() call to use a "subject" pointer (&sb.sb_hiwat) and
a u_long target to set it to. The whole thing is splnet().
This fixes a problem that jdp has been able to provoke.