freebsd kernel with SKQ
Go to file
Pawel Jakub Dawidek 12b9f8e47d Imagine situation where a security problem is found in setuid binary.
User upgrades his system to fix the problem, but if he has any ZFS snapshots
for the file system which contains problematic binary, any user can mount the
snapshot and execute vulnerable binary.

Prevent this from happening by always mounting snapshots with setuid turned off.

MFC after:	2 weeks
2011-05-31 07:02:49 +00:00
bin Vendor import of BIND 9.6-ESV-R4-P1 2011-05-27 23:50:10 +00:00
cddl Close a race between libzfs and mountd when updating NFS exports. 2011-05-26 16:27:00 +00:00
contrib The argument to setsockopt for IP_MULTICAST_LOOP depends on operating 2011-05-29 07:40:48 +00:00
crypto Fix clang warning (why is there nowhere yyparse() is declared?). 2011-05-18 20:57:23 +00:00
etc No logner set an IPv4 loopback address by default in defaults/rc.conf. 2011-05-31 00:25:52 +00:00
games Convert a file to UTF-8. This only changes a character in the 2011-05-14 19:03:54 +00:00
gnu Build and install a BSD licensed grep. 2011-05-25 01:04:12 +00:00
include * Add the readline(3) API to libedit. The libedit versions of 2011-04-05 18:41:01 +00:00
kerberos5 Fix a typo. 2010-01-09 18:53:03 +00:00
lib posix_spawn(): Do not fail when trying to close an fd that is not open. 2011-05-30 21:41:06 +00:00
libexec Fix tftp_log() usage. 2011-05-26 20:32:33 +00:00
release As requested by many people, with final prodding from Jason Hall, fix this 2011-05-18 17:39:28 +00:00
rescue Finally... Import the latest open-source ZFS version - (SPA) 28. 2011-02-27 19:41:40 +00:00
sbin Document kern.geom.part.check_integrity sysctl variable. 2011-05-30 11:17:42 +00:00
secure Upgrade to OpenSSH 5.8p2. 2011-05-04 07:34:44 +00:00
share Bump document date. 2011-05-30 10:28:55 +00:00
sys Imagine situation where a security problem is found in setuid binary. 2011-05-31 07:02:49 +00:00
tools sh: Add tests for some somewhat obscure aspects of function definitions. 2011-05-30 21:49:59 +00:00
usr.bin printf(1): Document that %c and precision for %b/%s use bytes, not chars. 2011-05-28 14:32:47 +00:00
usr.sbin Contrary to the rc.conf framework, when manualy enabling IPv6 we have 2011-05-30 17:27:48 +00:00
COPYRIGHT Happy New Year 2011. 2010-12-31 18:07:16 +00:00
LOCKS Update LOCKS syntax. 2008-06-05 19:47:58 +00:00
MAINTAINERS Encourage Ben Laurie to finish getting his commit bit by appointing him 2011-05-14 17:44:12 +00:00
Makefile Disconnect sun4v architecture from the three. 2011-05-14 01:53:38 +00:00
Makefile.inc1 Implement WITH{,OUT}_{GCC,BINUTILS} to provide finer-grained control 2011-05-19 05:13:25 +00:00
Makefile.mips Retire TARGET_ABI. 2011-01-07 20:26:33 +00:00
ObsoleteFiles.inc Upgrade our copy of llvm/clang to r130700, from upstream's trunk. 2011-05-02 21:04:37 +00:00
README Vendor import of OpenSSH 5.8p2 2011-05-03 11:22:37 +00:00
UPDATING Disconnect sun4v architecture from the three. 2011-05-14 01:53:38 +00:00

This is the top level of the FreeBSD source directory.  This file
was last revised on:
$FreeBSD$

For copyright information, please see the file COPYRIGHT in this
directory (additional copyright information also exists for some
sources in this tree - please see the specific source directories for
more information).

The Makefile in this directory supports a number of targets for
building components (or all) of the FreeBSD source tree, the most
commonly used one being ``world'', which rebuilds and installs
everything in the FreeBSD system from the source tree except the
kernel, the kernel-modules and the contents of /etc.  The ``world''
target should only be used in cases where the source tree has not
changed from the currently running version.  See:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html
for more information, including setting make(1) variables.

The ``buildkernel'' and ``installkernel'' targets build and install
the kernel and the modules (see below).  Please see the top of
the Makefile in this directory for more information on the
standard build targets and compile-time flags.

Building a kernel is a somewhat more involved process, documentation
for which can be found at:
   http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html
And in the config(8) man page.
Note: If you want to build and install the kernel with the
``buildkernel'' and ``installkernel'' targets, you might need to build
world before.  More information is available in the handbook.

The sample kernel configuration files reside in the sys/<arch>/conf
sub-directory (assuming that you've installed the kernel sources), the
file named GENERIC being the one used to build your initial installation
kernel.  The file NOTES contains entries and documentation for all possible
devices, not just those commonly used.  It is the successor of the ancient
LINT file, but in contrast to LINT, it is not buildable as a kernel but a
pure reference and documentation file.


Source Roadmap:
---------------
bin		System/user commands.

cddl		Various commands and libraries under the Common Development
		and Distribution License.

contrib		Packages contributed by 3rd parties.

crypto		Cryptography stuff (see crypto/README).

etc		Template files for /etc.

games		Amusements.

gnu		Various commands and libraries under the GNU Public License.
		Please see gnu/COPYING* for more information.

include		System include files.

kerberos5	Kerberos5 (Heimdal) package.

lib		System libraries.

libexec		System daemons.

release		Release building Makefile & associated tools.

rescue		Build system for statically linked /rescue utilities.

sbin		System commands.

secure		Cryptographic libraries and commands.

share		Shared resources.

sys		Kernel sources.

tools		Utilities for regression testing and miscellaneous tasks.

usr.bin		User commands.

usr.sbin	System administration commands.


For information on synchronizing your source tree with one or more of
the FreeBSD Project's development branches, please see:

  http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/synching.html