Commit Graph

79138 Commits

Author SHA1 Message Date
rwatson
a1cb1e3bed Pass active_cred and file_cred into the MAC framework explicitly
for mac_check_vnode_{poll,read,stat,write}().  Pass in fp->f_cred
when calling these checks with a struct file available.  Otherwise,
pass NOCRED.  All currently MAC policies use active_cred, but
could now offer the cached credential semantic used for the base
system security model.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 19:04:53 +00:00
sos
32d992cd39 Fix buffer length.
PR: 41063
2002-08-19 18:52:23 +00:00
sos
74aa80c3e4 Fix typo. 2002-08-19 18:47:51 +00:00
ache
34e5c81b71 According to SUSv2, always return 0 for null wide-character code 2002-08-19 18:06:18 +00:00
rwatson
4cb63b194b Provide an implementation of mac_syscall() so that security modules
can offer new services without reserving system call numbers, or
augmented versions of existing services.  User code requests a
target policy by name, and specifies the policy-specific API plus
target.  This is required in particular for our port of SELinux/FLASK
to the MAC framework since it offers additional security services.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 17:59:48 +00:00
gordon
edd73c4d45 Update manpage to reflect reality:
xntpd -> ntpd
single_mountd_enable -> mountd_enable
portmap -> rpcbind
2002-08-19 17:57:38 +00:00
jmallett
a5175f2536 Clean up a comment talking about C strings, which are terminated with the
ASCII NUL character (0, or '\0' in C).
2002-08-19 17:20:03 +00:00
jmallett
209b6366d9 s/trailing NULL/trailing NUL/ 2002-08-19 17:14:58 +00:00
bmah
8d19e7758d New release note: SA-02:38. 2002-08-19 17:13:08 +00:00
rwatson
fd544421f3 Break out mac_check_pipe_op() into component check entry points:
mac_check_pipe_poll(), mac_check_pipe_read(), mac_check_pipe_stat(),
and mac_check_pipe_write().  This is improves consistency with other
access control entry points and permits security modules to only
control the object methods that they are interested in, avoiding
switch statements.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 16:59:37 +00:00
ambrisko
d0709eea67 Don't read the PCI config space during mii operations. Instead save whether
or not we have to limit the PHY detection in the softc structure.  Then
just check the flag.

Suggested by:	jdp
Reviewed by:	jdp
MFC after:	3 days
2002-08-19 16:54:26 +00:00
rwatson
1a7cd1a210 Break out mac_check_vnode_op() into three seperate checks:
mac_check_vnode_poll(), mac_check_vnode_read(), mac_check_vnode_write().
This improves the consistency with other existing vnode checks, and
allows policies to avoid implementing switch statements to determine
what operations they do and do not want to authorize.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 16:43:25 +00:00
sobomax
25617b8fc0 Add a new -H' modifier, which when combined with -p' or `-P' allows to dump
full console history.
2002-08-19 16:33:23 +00:00
sobomax
fb29e33da0 1. Allow information about current history size be retrieved using ioctl(2);
2. modify screen dumpung routine, so that in addition to visible area, it
   allows to grab any portion of history buffer as well.
2002-08-19 16:32:09 +00:00
orion
e3be6c4141 Cater for ich4 quirks.
Reported by: Jacob Rhoden
Tested by: Jacob Rhoden, mp
2002-08-19 16:03:56 +00:00
rwatson
c601d7b784 Assert process locks in proces-related access control checks.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 15:30:30 +00:00
rwatson
8c753954cb Add a missing vnode assertion for the exec() check.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 15:28:39 +00:00
sobomax
021687d79b Previous deltas (promisc mode) were a subject of:
MFC after:	1 week
2002-08-19 15:18:25 +00:00
sobomax
e50e3b03ec Implement user-setable promiscuous mode (a new `promisc' flag for ifconfig(8)).
Also, for all interfaces in this mode pass all ethernet frames to upper layer,
even those not addressed to our own MAC, which allows packets encapsulated
in those frames be processed with packet filters (ipfw(8) et al).

Emphatically requested by:	Anton Turygin <pa3op@ukr-link.net>
Valuable suggestions by:	fenner
2002-08-19 15:16:38 +00:00
luigi
be3fb71639 One more (hopefully the last one) step in cleaning up the syntax,
following Julian's good suggestion: since you can specify any match
pattern as an option, rules now have the following format:

	[<proto> from <src> to <dst>] [options]

i.e. the first part is now entirely optional (and left there just
for compatibility with ipfw1 rulesets).

Add a "-c" flag to show/list rules in the compact form
(i.e. without the "ip from any to any" part) when possible.
The default is to include it so that scripts processing ipfw's
canonical output will still work.
Note that as part of this cleanup (and to remove ambiguity), MAC
fields now can only be specified in the options part.

Update the manpage to reflect the syntax.

Clarify the behaviour when a match is attempted on fields which
are not present in the packet, e.g. port numbers on non TCP/UDP
packets, and the "not" operator is specified. E.g.

	ipfw add allow not src-port 80

will match also ICMP packets because they do not have port numbers, so
"src-port 80" will fail and "not src-port 80" will succeed. For such
cases it is advised to insert further options to prevent undesired results
(e.g. in the case above, "ipfw add allow proto tcp not src-port 80").

We definitely need to rewrite the parser using lex and yacc!
2002-08-19 12:36:54 +00:00
maxim
3855d71e92 Forced commit to correct a PR number in the previous commit. It is bin/40177.
Pointed out by: obrien
2002-08-19 09:19:31 +00:00
ache
2094c32437 Move internal defines from ctype.h here 2002-08-19 09:02:49 +00:00
sobomax
357ca3e7e3 Fix last-minute typo which breaks the world.
Submitted by:	many
2002-08-19 08:59:20 +00:00
ache
f70b854cde Move internal defines from here to libc/locale/wcwidth.c 2002-08-19 08:58:51 +00:00
ache
d80df77aeb Properly define SWIDTH1, add autowidth (was SWIDTH1) 2002-08-19 08:50:41 +00:00
ru
6c5df471b1 mdoc(7) police: fixed the document date.
Submitted by:	iedowse
2002-08-19 07:15:20 +00:00
phk
d1ede7ccd1 First snapshot of UFS2 EA support.
Sponsored by: DARPA & NAI Labs.
2002-08-19 07:01:55 +00:00
phk
b08a6ac7b9 Remove the SIS_LOCK/SIS_UNLOCK from sis_attach(). It makes WITNESS
barf and there seem to be little room for contention during attach.
2002-08-19 06:56:50 +00:00
phk
8346c2fde3 Keep a copy of the credential used to mount filesystems around so
we can check and use it later on.

Change the pieces of code which relied on mount->mnt_stat.f_owner
to check which user mounted the filesystem.

This became needed as the EA code needs to be able to allocate
blocks for "system" EA users like ACLs.

There seems to be some half-baked (probably only quarter- actually)
notion that the superuser for a given filesystem is the user who
mounted it, but this has far from been carried through.  It is
unclear if it should be.

Sponsored by: DARPA & NAI Labs.
2002-08-19 06:52:21 +00:00
luigi
7a01faeb98 Major cleanup of the parser and printing routines in an attempt to
render the syntax less ambiguous.

Now rules can be in one of these two forms

	<action> <protocol> from <src> to <dst> [options]
	<action> MAC dst-mac src-mac mac-type [options]

however you can now specify MAC and IP header fields as options e.g.

	ipfw add allow all from any to any mac-type arp
	ipfw add allow all from any to any { dst-ip me or src-ip me }

which makes complex expressions a lot easier to write and parse.
The "all from any to any" part is there just for backward compatibility.

Manpage updated accordingly.
2002-08-19 04:52:15 +00:00
luigi
62cbc8d621 Raise limit for port lists to 30 entries/ranges.
Remove a duplicate "logging" message, and identify the firewall
as ipfw2 in the boot message.
2002-08-19 04:45:01 +00:00
jmallett
77aebb609a Leave room for a trailing NUL not a NULL, that's not an ASCII character. 2002-08-19 03:52:36 +00:00
jmallett
2b6e4e1504 Remove local prototypes for main(). 2002-08-19 03:07:56 +00:00
jmallett
bd88fce4f3 Add a unary -not operator ala -false and !, for sake of completeness.
Obtained from:	OpenDarwin
MFC after:	1 week
2002-08-19 02:27:33 +00:00
bde
5c4faa8fa4 Added rules to generate .c files from .m files. Run mkdep on these .c
files.  This fixes at least "make" (without -j) after "make clean".
2002-08-19 01:00:37 +00:00
johan
9db847d912 New release notes: chmod(1) -v -v; od(1) -A, -N, -j, -s, -t
MFCs noted: biff(1) b; cp(1) -n; mv(1) -n; od(1) -A, -N, -j, -s, -t

Release note modified: mv(1) -n

Reviewed by: bmah
2002-08-19 00:35:58 +00:00
johan
737d866716 Last commit should also have said
PR:		bin/39816
Submitted by:	Dan Lukes <dan@obluda.cz>
2002-08-18 21:48:38 +00:00
johan
ecb994c0d2 Remove unused variable. camcontrol is now WARNS=2 clean on i386.
Approved by: 	ken, sheldonh (mentor)
2002-08-18 21:46:32 +00:00
phk
f76782b8b0 A side effect of some debugging: prototypify and deregister. 2002-08-18 21:24:22 +00:00
bde
5d08f60467 Finished removing env(1) commands, as in rev.1.13 but non-broken. Set
the environment for the last command of the pipeline (xargs) instead
of too early in the broken version or using an extra env process for
each command spawned by xargs as in rev.1.12.  Fixed a nearby English
error.
2002-08-18 20:41:19 +00:00
johan
28378cc9b0 Correctly handle empty path arguments, e.g., whereis -S -f biff.
Approved by:	joerg, sheldonh (mentor)
2002-08-18 18:21:18 +00:00
jdp
af43ddac0b Clarify the explanation of the behavior for setuid programs by
noting that the restrictions do not apply if the user invoking the
program is also the owner of the program.

Also, capitalize a section header properly.

PR:		misc/41180
2002-08-18 18:11:38 +00:00
bde
a8e6e41c88 Include <nlist.h> for nlist interfaces instead of depending on namespace
pollution in <kvm.h>.
2002-08-18 17:57:08 +00:00
bde
d8025b239f Use essentially the same formatting of the CPU stats percentages as in
vmstat so that they never coalesce.  Both iostat and vmstat need larger
fixes to prevent wide fields from unnecessarily messing up the alignment
of all subsequent fields.

PR:		41674
MFC-after:	3 days
2002-08-18 17:51:14 +00:00
bde
971c6f16e0 Include <nlist.h> for nlist interfaces instead of depending on namespace
pollution in <kvm.h>.
2002-08-18 17:35:55 +00:00
schweikh
9d62c6da40 Provide an iso8859 table similar to share/misc/ascii.
PR:		misc/11553
Submitted by:	Oliver Fromme <olli@fromme.com>
MFC after:	1 week
2002-08-18 16:57:45 +00:00
orion
5dddb64180 Apply reference counting patch. Fixes problem of two applications
opening the device, eg one read only and one write only, and the
reference count being non-zero when both exit rendering device
permanently busy.

PR:		kern/35004
Submitted by:	Bill Wells
MFC after:	3 days
2002-08-18 14:17:06 +00:00
sos
6da980591b Fix args for contigmalloc, cosmetics. 2002-08-18 12:20:33 +00:00
sos
0e0e2230b6 Add dev# for pst driver 2002-08-18 12:19:32 +00:00
joe
f01946b9bb Use uhci_pci_match to return the device description and rework the
vendor description code.
2002-08-18 11:52:47 +00:00