freebsd-skq/sys/kern
Robert Watson 0489082737 o Disable two "allow this" exceptions in p_cansched()m retricting the
ability of unprivileged processes to modify the scheduling properties
  of daemons temporarily taking on unprivileged effective credentials.
  These cases (p1->p_cred->p_ruid == p2->p_ucred->cr_uid) and
  (p1->p_ucred->cr_uid == p2->p_ucred->cr_uid), respectively permitting
  a subject process to influence the scheduling of a daemon if the subject
  process has the same real uid or effective uid as the daemon's effective
  uid.  This removes a number of the warning cases identified by the
  proc_to_proc iner-process authorization regression test.
o As these are new restrictions, we'll have to watch out carefully for
  possible side effects on running code: they seem reasonable to me,
  but it's possible this change might have to be backed out if problems
  are experienced.

Reported by:	src/tools/regression/security/proc_to_proc/testuid
Obtained from:	TrustedBSD Project
2001-04-12 22:46:07 +00:00
..
bus_if.m
device_if.m
genassym.sh
gensetdefs.pl
imgact_aout.c
imgact_elf.c Convert the allproc and proctree locks from lockmgr locks to sx locks. 2001-03-28 11:52:56 +00:00
imgact_gzip.c
imgact_shell.c
inflate.c
init_main.c Stick proc0 in the PID hash table. 2001-04-11 18:50:50 +00:00
init_sysent.c o Regenerated following introduction of __setugid() system call for 2001-04-11 20:21:37 +00:00
kern_acct.c
kern_acl.c Correct the following defines to match the POSIX.1e spec: 2001-04-11 02:19:01 +00:00
kern_cap.c
kern_clock.c Catch up to header include changes: 2001-03-28 09:17:56 +00:00
kern_condvar.c Pass in a pointer to the mutex's lock_object as the second argument to 2001-03-28 10:41:15 +00:00
kern_conf.c Add a KASSERT on unit2minor() so that we catch it if people try to pass 2001-03-20 13:24:24 +00:00
kern_descrip.c Send the remains (such as I have located) of "block major numbers" to 2001-03-26 12:41:29 +00:00
kern_environment.c
kern_event.c o Make kqueue's filt_procattach() function use the error value returned 2001-04-12 21:32:02 +00:00
kern_exec.c Proc locking. 2001-03-07 03:27:32 +00:00
kern_exit.c Convert the allproc and proctree locks from lockmgr locks to sx locks. 2001-03-28 11:52:56 +00:00
kern_fork.c Convert the allproc and proctree locks from lockmgr locks to sx locks. 2001-03-28 11:52:56 +00:00
kern_idle.c Implement a unified run queue and adjust priority levels accordingly. 2001-02-12 00:20:08 +00:00
kern_intr.c Catch up to header include changes: 2001-03-28 09:17:56 +00:00
kern_jail.c o Move per-process jail pointer (p->pr_prison) to inside of the subject 2001-02-21 06:39:57 +00:00
kern_kthread.c Convert the allproc and proctree locks from lockmgr locks to sx locks. 2001-03-28 11:52:56 +00:00
kern_ktr.c Switch from save/disable/restore_intr() to critical_enter/exit(). 2001-03-28 03:06:10 +00:00
kern_ktrace.c Convert the allproc and proctree locks from lockmgr locks to sx locks. 2001-03-28 11:52:56 +00:00
kern_linker.c o Actually extract version of interface and store it along with the name. 2001-03-22 08:58:45 +00:00
kern_lock.c Fix a precedence bug. ! has higher precedence than &. 2001-04-08 04:15:26 +00:00
kern_lockf.c Protect p_wmesg and p_wchan with sched_lock while checking for deadlocks 2001-03-24 03:57:44 +00:00
kern_malloc.c
kern_mib.c o Move per-process jail pointer (p->pr_prison) to inside of the subject 2001-02-21 06:39:57 +00:00
kern_module.c
kern_mutex.c Rework the witness code to work with sx locks as well as mutexes. 2001-03-28 09:03:24 +00:00
kern_ntptime.c
kern_physio.c
kern_proc.c Convert the allproc and proctree locks from lockmgr locks to sx locks. 2001-03-28 11:52:56 +00:00
kern_prot.c o Disable two "allow this" exceptions in p_cansched()m retricting the 2001-04-12 22:46:07 +00:00
kern_random.c
kern_resource.c o Limit process information leakage by introducing a p_can(...P_CAN_SEE...) 2001-04-12 20:46:26 +00:00
kern_shutdown.c Last commit was broken.. It always prints '[CTRL-C to abort]'. 2001-03-28 01:37:29 +00:00
kern_sig.c o Replace p_cankill() with p_cansignal(), remove wrappage of p_can() 2001-04-12 02:38:08 +00:00
kern_subr.c Introduce copyinfrom and copyinstrfrom, which can copy data from either 2001-02-16 14:31:49 +00:00
kern_switch.c Catch up to header include changes: 2001-03-28 09:17:56 +00:00
kern_sx.c Rework the witness code to work with sx locks as well as mutexes. 2001-03-28 09:03:24 +00:00
kern_synch.c Convert the allproc and proctree locks from lockmgr locks to sx locks. 2001-03-28 11:52:56 +00:00
kern_syscalls.c
kern_sysctl.c Make the SYSCTL_OUT handlers sysctl_old_user() and sysctl_old_kernel() 2001-03-08 01:20:43 +00:00
kern_tc.c
kern_time.c Lock the process while sending it SIGARLM and updating p_realtimer. 2001-03-07 03:02:56 +00:00
kern_timeout.c Catch up to header include changes: 2001-03-28 09:17:56 +00:00
kern_xxx.c This is kind of a hack, but it should work. Currently, world is broken 2001-03-24 04:40:49 +00:00
ksched.c Lock need_resched with sched_lock. 2001-02-22 13:46:09 +00:00
link_aout.c Manually add an extra _ to _DYNAMIC since it is provided by ld, not gcc. 2001-02-25 07:25:05 +00:00
link_elf_obj.c Make this compile in a.out mode. link.h has extra dependencies for a.out. 2001-02-25 07:26:54 +00:00
link_elf.c Make this compile in a.out mode. link.h has extra dependencies for a.out. 2001-02-25 07:26:54 +00:00
linker_if.m
Make.tags.inc
Makefile
makeobjops.pl Use getopt instead of a home grown one 2001-04-07 20:51:24 +00:00
makesyscalls.sh
md4c.c Import kernel part of SMB/CIFS requester. 2001-04-10 07:59:06 +00:00
md5c.c
p1003_1b.c
posix4_mib.c
subr_acl_posix1e.c Correct the following defines to match the POSIX.1e spec: 2001-04-11 02:19:01 +00:00
subr_autoconf.c
subr_blist.c
subr_bus.c
subr_clist.c Make cblock_alloc_cblocks() spell its own name 2001-03-27 10:21:26 +00:00
subr_devstat.c
subr_disk.c Dont call device close and ioctl functions if device has disappeared. 2001-03-13 08:45:05 +00:00
subr_disklabel.c
subr_diskmbr.c
subr_diskslice.c
subr_eventhandler.c Catch up to header include changes: 2001-03-28 09:17:56 +00:00
subr_kobj.c
subr_log.c Send the remains (such as I have located) of "block major numbers" to 2001-03-26 12:41:29 +00:00
subr_mchain.c Remove superfluous m_pkthdr.rcv_if = NULL assignment following 2001-02-25 06:33:50 +00:00
subr_module.c Preceed/preceeding are not english words. Use precede and preceding. 2001-02-18 10:43:53 +00:00
subr_param.c
subr_prf.c
subr_prof.c Switch from save/disable/restore_intr() to critical_enter/exit(). 2001-03-28 03:06:10 +00:00
subr_rman.c
subr_sbuf.c Rewrite of the CAM error recovery code. 2001-03-27 05:45:52 +00:00
subr_scanf.c
subr_smp.c Rename the IPI API from smp_ipi_* to ipi_* since the smp_ prefix is just 2001-04-11 17:06:02 +00:00
subr_taskqueue.c - Catch up to the new swi API changes: 2001-02-09 17:46:35 +00:00
subr_trap.c - Release Giant a bit earlier on syscall exit. 2001-03-07 03:53:39 +00:00
subr_turnstile.c Rework the witness code to work with sx locks as well as mutexes. 2001-03-28 09:03:24 +00:00
subr_witness.c Avoid endless recursion on panic. 2001-04-10 00:56:19 +00:00
subr_xxx.c Extend kqueue down to the device layer. 2001-02-15 16:34:11 +00:00
sys_generic.c Grab the process lock while calling psignal and before calling psignal. 2001-03-07 03:37:06 +00:00
sys_pipe.c Extend kqueue down to the device layer. 2001-02-15 16:34:11 +00:00
sys_process.c Convert the allproc and proctree locks from lockmgr locks to sx locks. 2001-03-28 11:52:56 +00:00
sys_socket.c Extend kqueue down to the device layer. 2001-02-15 16:34:11 +00:00
syscalls.c o Regenerated following introduction of __setugid() system call for 2001-04-11 20:21:37 +00:00
syscalls.master o Introduce a new system call, __setsugid(), which allows a process to 2001-04-11 20:20:40 +00:00
sysv_ipc.c
sysv_msg.c o Move per-process jail pointer (p->pr_prison) to inside of the subject 2001-02-21 06:39:57 +00:00
sysv_sem.c o Move per-process jail pointer (p->pr_prison) to inside of the subject 2001-02-21 06:39:57 +00:00
sysv_shm.c o Move per-process jail pointer (p->pr_prison) to inside of the subject 2001-02-21 06:39:57 +00:00
tty_compat.c
tty_conf.c
tty_cons.c Send the remains (such as I have located) of "block major numbers" to 2001-03-26 12:41:29 +00:00
tty_pty.c Send the remains (such as I have located) of "block major numbers" to 2001-03-26 12:41:29 +00:00
tty_snoop.c Send the remains (such as I have located) of "block major numbers" to 2001-03-26 12:41:29 +00:00
tty_subr.c Make cblock_alloc_cblocks() spell its own name 2001-03-27 10:21:26 +00:00
tty_tty.c Send the remains (such as I have located) of "block major numbers" to 2001-03-26 12:41:29 +00:00
tty.c Grab the process lock while calling psignal and before calling psignal. 2001-03-07 03:37:06 +00:00
uipc_accf.c
uipc_domain.c
uipc_mbuf2.c Long awaited style fixup in mbuf code. Get rid of K&R style prototyping 2001-02-11 05:02:06 +00:00
uipc_mbuf.c - Change the msleep()s to condition variables. 2001-04-03 04:50:13 +00:00
uipc_proto.c
uipc_sockbuf.c
uipc_socket2.c
uipc_socket.c When doing a recv(.. MSG_WAITALL) for a message which is larger than 2001-03-16 22:37:06 +00:00
uipc_syscalls.c Fix is a similar race condition as existed in the mbuf code. When we go 2001-03-08 19:21:45 +00:00
uipc_usrreq.c o Move per-process jail pointer (p->pr_prison) to inside of the subject 2001-02-21 06:39:57 +00:00
vfs_acl.c Correct the following defines to match the POSIX.1e spec: 2001-04-11 02:19:01 +00:00
vfs_aio.c When aio_read/write() is used on a raw device, physical buffers are 2001-03-10 22:47:57 +00:00
vfs_bio.c Fix lockup for loopback NFS mounts. The pipelined I/O limitations could be 2001-02-28 04:13:11 +00:00
vfs_cache.c Create debug.hashstat.[raw]nchash and debug.hashstat.[raw]nfsnode to 2001-04-11 00:39:20 +00:00
vfs_cluster.c Fix lockup for loopback NFS mounts. The pipelined I/O limitations could be 2001-02-28 04:13:11 +00:00
vfs_conf.c Reviewed by: jlemon 2001-03-01 21:00:17 +00:00
vfs_default.c o Rename "namespace" argument to "attrnamespace" as namespace is a C++ 2001-03-19 05:44:15 +00:00
vfs_export.c Add a NOTE_REVOKE flag for vnodes, which is triggered from within vclean(). 2001-02-23 20:06:01 +00:00
vfs_extattr.c o Introduce extattr_{delete,get,set}_fd() to allow extended attribute 2001-03-31 16:20:05 +00:00
vfs_init.c
vfs_lookup.c
vfs_mount.c Reviewed by: jlemon 2001-03-01 21:00:17 +00:00
vfs_subr.c Add a NOTE_REVOKE flag for vnodes, which is triggered from within vclean(). 2001-02-23 20:06:01 +00:00
vfs_syscalls.c o Introduce extattr_{delete,get,set}_fd() to allow extended attribute 2001-03-31 16:20:05 +00:00
vfs_vnops.c Previous commit broke interlock locking for !LK_RETRY case. 2001-03-26 12:45:35 +00:00
vnode_if.pl replace calls to non-existant bail() subroutine with calls to 2001-03-23 11:48:50 +00:00
vnode_if.src o Rename "namespace" argument to "attrnamespace" as namespace is a C++ 2001-03-19 05:44:15 +00:00