freebsd-nq/sys
Robert Watson 8a7d8cc675
- Combine kern.ps_showallprocs and kern.ipc.showallsockets into
  a single kern.security.seeotheruids_permitted, described as:
  "Unprivileged processes may see subjects/objects with different real uid"
  NOTE: kern.ps_showallprocs exists in -STABLE, and therefore there is
  an API change.  kern.ipc.showallsockets does not.
- Check kern.security.seeotheruids_permitted in cr_cansee().
- Replace visibility calls to socheckuid() with cr_cansee() (retain
  the change to socheckuid() in ipfw, where it is used for rule-matching).
- Remove prison_unpcb() and make use of cr_cansee() against the UNIX
  domain socket credential instead of comparing root vnodes for the
  UDS and the process.  This allows multiple jails to share the same
  chroot() and not see each other's UNIX domain sockets.
- Remove unused socheckproc().

Now that cr_cansee() is used universally for socket visibility, a variety
of policies are more consistently enforced, including uid-based
restrictions and jail-based restrictions.  This also better-supports
the introduction of additional MAC models.

Reviewed by:	ps, billf
Obtained from:	TrustedBSD Project
2001-10-09 21:40:30 +00:00
alpha Dissociate ptrace from procfs. 2001-10-07 20:08:42 +00:00
amd64 Remove the Xresume* labels from the i386 interrupt handlers; the 2001-10-09 19:54:52 +00:00
arm o Remove some GCCisms in src/powerpc/include/endian.h. 2001-08-30 00:04:19 +00:00
boot s/alpha/${MACHINE_ARCH}/g 2001-10-08 01:41:45 +00:00
cam o Modify access control code for the CAM SCSI pass-through device to 2001-09-26 20:13:16 +00:00
coda Use the passed in thread to selrecord() instead of curthread. 2001-09-21 22:26:51 +00:00
compat Catch up with the visibility callback stuff, and give up trying to keep the 2001-10-01 04:31:05 +00:00
conf Note that this driver is soon to be deprecated and removed from FreeBSD. 2001-10-09 00:14:41 +00:00
contrib Remove file obsoleted by the 20010920 snapshot. 2001-10-04 23:17:35 +00:00
crypto properly check DES weak key. KAME PR 363. 2001-07-03 17:46:48 +00:00
ddb Fill out some gaps in ia64 DDB support. This involves generalising DDB's 2001-09-15 11:06:07 +00:00
dev Update to using the pcm_getbuffersize() method. 2001-10-09 19:46:09 +00:00
fs Dissociate ptrace from procfs. 2001-10-07 20:08:42 +00:00
geom KSE Milestone 2 2001-09-12 08:38:13 +00:00
gnu The addition of i_dirhash to struct inode pushed RELENG_4's 2001-09-24 18:29:20 +00:00
i4b sppp rewrites the interface's ip address directly; this breaks when the 2001-10-01 18:03:56 +00:00
i386 Remove the Xresume* labels from the i386 interrupt handlers; the 2001-10-09 19:54:52 +00:00
ia64 Clarify a comment. 2001-10-09 19:50:29 +00:00
isa Remove an unneeded variable declaration and statement. 2001-10-09 16:06:28 +00:00
isofs/cd9660 KSE Milestone 2 2001-09-12 08:38:13 +00:00
kern - Combine kern.ps_showallprocs and kern.ipc.showallsockets into 2001-10-09 21:40:30 +00:00
libkern Implement these using mux1 and extr.u. I'll update the userland versions 2001-10-06 08:35:05 +00:00
modules Activate the bridge/dummynet modules. 2001-10-05 07:09:27 +00:00
net - Fix typo in "didn't find tag in list" code -- != should have been ==. 2001-10-06 05:02:11 +00:00
netatalk KSE Milestone 2 2001-09-12 08:38:13 +00:00
netatm KSE Milestone 2 2001-09-12 08:38:13 +00:00
netgraph Hopefully improve control message passing over Unix domain sockets. 2001-10-04 13:11:48 +00:00
netinet - Combine kern.ps_showallprocs and kern.ipc.showallsockets into 2001-10-09 21:40:30 +00:00
netinet6 Make faith loadable, unloadable, and clonable. 2001-09-25 18:40:52 +00:00
netipx KSE Milestone 2 2001-09-12 08:38:13 +00:00
netkey KSE Milestone 2 2001-09-12 08:38:13 +00:00
netnatm Change a couple of M_WAITOKs used in M_PREPEND() to M_TRYWAITs, which 2001-04-05 04:20:48 +00:00
netncp KSE Milestone 2 2001-09-12 08:38:13 +00:00
netns
netsmb Map errdos:67 to the ENOENT. 2001-08-21 09:16:57 +00:00
nfs Unwind some more macros. NFSMADV() was kinda silly since it was right 2001-09-28 04:37:08 +00:00
nfsclient Use crhold() instead of crdup() since we aren't modifying the cred but 2001-10-09 16:48:57 +00:00
nfsserver Unwind some more macros. NFSMADV() was kinda silly since it was right 2001-09-28 04:37:08 +00:00
pc98 Rewrite the pc98 bus_space stuff. 2001-10-07 10:04:18 +00:00
pccard Fix, I think, The second slot problem with Cirrus Logic PD6729/30 parts: 2001-09-21 06:45:35 +00:00
pci Note that this driver is soon to be deprecated and removed from FreeBSD. 2001-10-09 00:14:41 +00:00
posix4 KSE Milestone 2 2001-09-12 08:38:13 +00:00
powerpc Add a call to init_param() to initialize some necessary variables. 2001-10-08 00:44:21 +00:00
rpc Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and 2001-03-19 12:50:13 +00:00
sparc64 Dissociate ptrace from procfs. 2001-10-07 20:08:42 +00:00
svr4
sys Bump for switch to XFree86 4.x. 2001-10-09 07:36:36 +00:00
tools KSE Milestone 2 2001-09-12 08:38:13 +00:00
ufs Remove panics for rename() race conditions. The panics are inappropriate 2001-10-08 00:37:54 +00:00
vm Remove the SSLEEP case from the load average computation. This has 2001-10-04 22:33:31 +00:00
Makefile