freebsd-nq/sys/netinet
Robert Watson 8a7d8cc675 - Combine kern.ps_showallprocs and kern.ipc.showallsockets into
a single kern.security.seeotheruids_permitted, described as:
  "Unprivileged processes may see subjects/objects with different real uid"
  NOTE: kern.ps_showallprocs exists in -STABLE, and therefore there is
  an API change.  kern.ipc.showallsockets does not.
- Check kern.security.seeotheruids_permitted in cr_cansee().
- Replace visibility calls to socheckuid() with cr_cansee() (retain
  the change to socheckuid() in ipfw, where it is used for rule-matching).
- Remove prison_unpcb() and make use of cr_cansee() against the UNIX
  domain socket credential instead of comparing root vnodes for the
  UDS and the process.  This allows multiple jails to share the same
  chroot() and not see each other's UNIX domain sockets.
- Remove unused socheckproc().

Now that cr_cansee() is used universally for socket visibility, a variety
of policies are more consistently enforced, including uid-based
restrictions and jail-based restrictions.  This also better-supports
the introduction of additional MAC models.

Reviewed by:	ps, billf
Obtained from:	TrustedBSD Project
2001-10-09 21:40:30 +00:00
libalias mdoc(7) police: Use the new .In macro for #include statements. 2001-10-01 16:09:29 +00:00
accf_data.c Remove headers not needed. 2000-10-07 23:15:17 +00:00
accf_http.c Fix incorrect logic wouldn't disconnect incoming connections that had been 2001-01-03 19:50:23 +00:00
icmp6.h - Renumber KAME local ICMP types and NDP options numbers because they 2001-06-21 07:08:43 +00:00
icmp_var.h Clean up RST ratelimiting. Previously, ratelimiting occurred before tests 2001-02-11 07:39:51 +00:00
if_atm.c
if_atm.h Add $FreeBSD$ 2000-05-01 20:32:07 +00:00
if_ether.c Add a hash table that contains the list of internet addresses, and use 2001-09-29 04:34:11 +00:00
if_ether.h
if_fddi.h
igmp_var.h Patches from Keiichi SHIMA <keiichi@iij.ad.jp> 2001-09-03 20:03:55 +00:00
igmp.c One caller of rip_input failed to be converted in the last commit. 2001-09-03 20:40:35 +00:00
igmp.h
in_cksum.c
in_gif.c KSE Milestone 2 2001-09-12 08:38:13 +00:00
in_gif.h Patches from Keiichi SHIMA <keiichi@iij.ad.jp> 2001-09-03 20:03:55 +00:00
in_hostcache.c Convert more malloc+bzero to malloc+M_ZERO. 2000-12-08 21:51:06 +00:00
in_hostcache.h
in_pcb.c Centralize satosin(), sintosa() and ifatoia() macros in <netinet/in.h> 2001-09-29 03:23:44 +00:00
in_pcb.h KSE Milestone 2 2001-09-12 08:38:13 +00:00
in_proto.c Patches from Keiichi SHIMA <keiichi@iij.ad.jp> 2001-09-03 20:03:55 +00:00
in_rmx.c Centralize satosin(), sintosa() and ifatoia() macros in <netinet/in.h> 2001-09-29 03:23:44 +00:00
in_systm.h
in_var.h Nuke unused (and incorrect) #define of INADDR_HMASK. 2001-09-29 14:59:20 +00:00
in.c in_ifinit apparently can be used to rewrite an ip address; recalculate 2001-10-01 18:07:08 +00:00
in.h Centralize satosin(), sintosa() and ifatoia() macros in <netinet/in.h> 2001-09-29 03:23:44 +00:00
ip6.h Sync with recent KAME. 2001-06-11 12:39:29 +00:00
ip_divert.c KSE Milestone 2 2001-09-12 08:38:13 +00:00
ip_dummynet.c Make it so dummynet and bridge can be loaded as modules. 2001-10-05 05:45:27 +00:00
ip_dummynet.h Make it so dummynet and bridge can be loaded as modules. 2001-10-05 05:45:27 +00:00
ip_ecn.c Sync with recent KAME. 2001-06-11 12:39:29 +00:00
ip_ecn.h Sync with recent KAME. 2001-06-11 12:39:29 +00:00
ip_encap.c Remove some un-needed code that was accidentally included in 2001-09-07 07:24:28 +00:00
ip_encap.h Patches from KAME to remove usage of Varargs in existing 2001-09-07 07:19:12 +00:00
ip_flow.c Bring in fix from NetBSD's revision 1.16: 2001-06-26 09:00:50 +00:00
ip_flow.h Back out the previous change to the queue(3) interface. 2000-05-26 02:09:24 +00:00
ip_fw.c Only allow users to see their own socket connections if 2001-10-05 07:06:32 +00:00
ip_fw.h Two main changes here: 2001-09-27 23:44:27 +00:00
ip_icmp.c Add a hash table that contains the list of internet addresses, and use 2001-09-29 04:34:11 +00:00
ip_icmp.h Patches from Keiichi SHIMA <keiichi@iij.ad.jp> 2001-09-03 20:03:55 +00:00
ip_id.c Add ``options RANDOM_IP_ID'' which randomizes the ID field of IP packets. 2001-06-01 10:02:28 +00:00
ip_input.c Make it so dummynet and bridge can be loaded as modules. 2001-10-05 05:45:27 +00:00
ip_mroute.c Fixed comment: ipip_input -> mroute_encapcheck. 2001-09-20 07:59:45 +00:00
ip_mroute.h Somewhat modernize ip_mroute.c: 2001-07-25 20:15:49 +00:00
ip_output.c Make it so dummynet and bridge can be loaded as modules. 2001-10-05 05:45:27 +00:00
ip_var.h Patches from Keiichi SHIMA <keiichi@iij.ad.jp> 2001-09-03 20:03:55 +00:00
ip.h
ipprotosw.h KSE Milestone 2 2001-09-12 08:38:13 +00:00
raw_ip.c - Combine kern.ps_showallprocs and kern.ipc.showallsockets into 2001-10-09 21:40:30 +00:00
tcp_debug.c sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
tcp_debug.h
tcp_fsm.h
tcp_input.c KSE Milestone 2 2001-09-12 08:38:13 +00:00
tcp_output.c Add a flag TF_LASTIDLE, that forces a previously idle connection 2001-10-05 21:33:38 +00:00
tcp_reass.c KSE Milestone 2 2001-09-12 08:38:13 +00:00
tcp_seq.h Much delayed but now present: RFC 1948 style sequence numbers 2001-08-22 00:58:16 +00:00
tcp_subr.c - Combine kern.ps_showallprocs and kern.ipc.showallsockets into 2001-10-09 21:40:30 +00:00
tcp_timer.c Much delayed but now present: RFC 1948 style sequence numbers 2001-08-22 00:58:16 +00:00
tcp_timer.h
tcp_timewait.c - Combine kern.ps_showallprocs and kern.ipc.showallsockets into 2001-10-09 21:40:30 +00:00
tcp_usrreq.c KSE Milestone 2 2001-09-12 08:38:13 +00:00
tcp_var.h Add a flag TF_LASTIDLE, that forces a previously idle connection 2001-10-05 21:33:38 +00:00
tcp.h o Minor style(9)ism to make consistent with -STABLE 2001-01-09 18:26:17 +00:00
tcpip.h Remove struct full_tcpiphdr{}. 2001-02-26 20:10:16 +00:00
udp_usrreq.c - Combine kern.ps_showallprocs and kern.ipc.showallsockets into 2001-10-09 21:40:30 +00:00
udp_var.h Patches from Keiichi SHIMA <keiichi@iij.ad.jp> 2001-09-03 20:03:55 +00:00
udp.h