summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* mdoc(7) police: misc. markup fixes in the DIAGNOSTICS section.dd2001-04-131-12/+15
| | | | Submitted by: ru
* mdoc(7) police: properly use a -diag list in the DIAGNOSTICS section.dd2001-04-1311-30/+24
| | | | Reviewed by: ru
* mdoc(7) police: rename the DIAGNOSTICS section to ERRORS to match thedd2001-04-136-12/+12
| | | | | | content, and correct the parameters to the -tag list therein. Reviewed by: ru
* Update boot capabilities for Adaptec 2940-serieswilko2001-04-131-0/+10
| | | | Obtained from: axp-list@redhat.com / Jay.Estabrook@compaq.com
* Add acl_get_perm_np(3), a non-portable function to check if ajedgar2001-04-134-0/+115
| | | | | | | | permission is in a permission set, required for third-party applications such as Samba. Reviewed by: rwatson Obtained from: TrustedBSD Project
* Convert getfacl to the ACL editing library functions. getfacl shouldjedgar2001-04-131-23/+71
| | | | | | | | now compile/work on any POSIX.1e-compliant implementation (also tested against the current Linux patches). Review by: rwatson Obtained from: TrustedBSD Project
* Add the remaining POSIX.1e ACL definitions:jedgar2001-04-132-10/+20
| | | | | | | ACL_UNDEFINED_TAG, ACL_UNDEFINED_ID, ACL_FIRST_ENTRY, ACL_NEXT_ENTRY Reviewed by: rwatson Obtained from: TrustedBSD Project
* People are still having problems with i586_* on UP machines and SMPjhb2001-04-133-3/+3
| | | | | | machines, so just hack it to disable them for now until it can be fixed. Inspired by hair pulling of: asmodai
* o Add a comment identifying the "privileged on privileged" scenario.rwatson2001-04-131-0/+1
| | | | Obtained from: TrustedBSD Project
* o Add inter-process authorization uid regression testing for ktrace().rwatson2001-04-131-43/+63
| | | | Obtained from: TrustedBSD Project
* New release notes: wx(4) supports new cards (submitted by mjacob),bmah2001-04-133-9/+21
| | | | | | | | | | | Add missing CMedia and Crystal Semiconductor sound chips (submitted by orion). Fix estimate of 5.0-RELEASE release date (submitted by dd). ntpd(8) security fix cross-reference to SA-01:31. Fix typo: s/maestreo3/maestro3/.
* o s/debug/ptrace/ since shortly there will be tests involving otherrwatson2001-04-131-3/+3
| | | | | | forms of debugging. Obtained from: TrustedBSD Project
* - Newer versions of bind log denied secondary zone tranfers withnate2001-04-131-1/+1
| | | | | | | | | 'denied AXFR', not 'unapproved AXFR'. This is an MFC candidate. PR: misc/26529 Submitted by: duwde@duwde.com.br
* o Since uid checks in p_cansignal() are now identical between P_SUGIDrwatson2001-04-131-28/+14
| | | | | | | | | and non-P_SUGID cases, simplify p_cansignal() logic so that the P_SUGID masking of possible signals is independent from uid checks, removing redundant code and generally improving readability. Reviewed by: tmm Obtained from: TrustedBSD Project
* Add smbfs module. Currently it includes smbfs, netsmb and DES parts.bp2001-04-132-1/+63
| | | | Kernel should be compiled with options LIBMCHAIN and LIBICONV.
* Move VT_SMBFS definition to the proper place. Undefine VI_LOCK/VI_UNLOCK.bp2001-04-132-8/+1
|
* if/panic -> KASSERTalfred2001-04-131-7/+8
|
* All NETSMB* options should use opt_netsmb.h file (the joy of multiple repos).bp2001-04-131-2/+2
|
* This file also depends on sys/types.h and sys/ioccom.h.bp2001-04-131-7/+6
| | | | | | Remove some old junk. Submitted by: bde
* protect pbufs and associated counts with a mutexalfred2001-04-133-2/+14
|
* use %p for pointer printf, include sys/systm.h for printf protoalfred2001-04-131-6/+7
|
* convert if/panic -> KASSERT, explain what triggered the assertionalfred2001-04-131-2/+4
|
* Make this more lint-friendly. This file seems to be invoked in justmarkm2001-04-131-4/+10
| | | | | about any .c file that includes a .h, and lint produces copious whining because of the asm ...; stuff.
* Generate useful error messages.murray2001-04-131-4/+4
|
* mdoc(7) police: Fixed markup.ru2001-04-131-5/+13
|
* Handle a rare but fatal race invoked sometimes when SIGSTOP ismarkm2001-04-132-2/+2
| | | | invoked.
* mdoc(7) police: Fixed markup in rev.1.5.ru2001-04-131-1/+2
|
* mdoc(7) police: Fixed typo and markup in rev.1.11.ru2001-04-131-2/+2
|
* mdoc(7) police: removed hard sentence breaks introduced in rev.1.10.ru2001-04-132-8/+10
|
* - Add a comment at the start of the spin locks list.jhb2001-04-131-1/+4
| | | | - The alpha SMP code uses an "ap boot" spinlock as well.
* Document /usr/include/fs/smbfs and /usr/include/netsmb.ru2001-04-131-0/+7
| | | | Submitted by: bp
* Use a macro wrapper over printf along with KASSERT to reduce the amountalfred2001-04-131-40/+15
| | | | of code here.
* People, please read the README file!!!ru2001-04-131-2/+2
| | | | | : These files use 4 space indentation, and other than in the header : comments, should not contain any tabs.
* Back out most of revision 1.28: lists of diagnostics must use -diag,dd2001-04-131-4/+3
| | | | | | | not -tag. Instead, put a period after the error messages to aide those using dumb terminals not capable of properly displaying markup. Requested by: ru
* Update comment to match ipfw/ipfw.c,v 1.95.ru2001-04-132-6/+4
|
* Make SOMAXCONN a kernel option.alfred2001-04-132-0/+3
| | | | Submitted by: Terry Lambert <terry@lambert.org>
* o Disallow two "allow this" exceptions in p_cansignal() restrictingrwatson2001-04-131-5/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the ability of unprivileged processes to deliver arbitrary signals to daemons temporarily taking on unprivileged effective credentials when P_SUGID is not set on the target process: Removed: (p1->p_cred->cr_ruid != ps->p_cred->cr_uid) (p1->p_ucred->cr_uid != ps->p_cred->cr_uid) o Replace two "allow this" exceptions in p_cansignal() restricting the ability of unprivileged processes to deliver arbitrary signals to daemons temporarily taking on unprivileged effective credentials when P_SUGID is set on the target process: Replaced: (p1->p_cred->p_ruid != p2->p_ucred->cr_uid) (p1->p_cred->cr_uid != p2->p_ucred->cr_uid) With: (p1->p_cred->p_ruid != p2->p_ucred->p_svuid) (p1->p_ucred->cr_uid != p2->p_ucred->p_svuid) o These changes have the effect of making the uid-based handling of both P_SUGID and non-P_SUGID signal delivery consistent, following these four general cases: p1's ruid equals p2's ruid p1's euid equals p2's ruid p1's ruid equals p2's svuid p1's euid equals p2's svuid The P_SUGID and non-P_SUGID cases can now be largely collapsed, and I'll commit this in a few days if no immediate problems are encountered with this set of changes. o These changes remove a number of warning cases identified by the proc_to_proc inter-process authorization regression test. o As these are new restrictions, we'll have to watch out carefully for possible side effects on running code: they seem reasonable to me, but it's possible this change might have to be backed out if problems are experienced. Submitted by: src/tools/regression/security/proc_to_proc/testuid Reviewed by: tmm Obtained from: TrustedBSD Project
* Remove the 'DO NOT EDIT THIS FILE' crud that we spit out with 'crontab -l'.peter2001-04-131-1/+19
| | | | | Otherwise, "crontab -l > file; vi file; crontab file" adds an extra set of "DO NOT EDIT" markers each and every time which is a bit silly.
* With the recent change to ip6fw, it is safe to return to using ${fw6cmd}gshapiro2001-04-131-2/+1
| | | | which may include the -q flag.
* Match ip6fw's command line options to those of ipfw (specifically, addedgshapiro2001-04-132-21/+176
| | | | | | | | | | the ability to use a preprocessor, use the -q (quiet) flag when reading from a file). The source used is from ipfw. Clean up exit codes while I am here. KAME has been informed and plans on integrating these patches into their own source as well.
* o Disable two "allow this" exceptions in p_cansched()m retricting therwatson2001-04-121-1/+4
| | | | | | | | | | | | | | | | | | ability of unprivileged processes to modify the scheduling properties of daemons temporarily taking on unprivileged effective credentials. These cases (p1->p_cred->p_ruid == p2->p_ucred->cr_uid) and (p1->p_ucred->cr_uid == p2->p_ucred->cr_uid), respectively permitting a subject process to influence the scheduling of a daemon if the subject process has the same real uid or effective uid as the daemon's effective uid. This removes a number of the warning cases identified by the proc_to_proc iner-process authorization regression test. o As these are new restrictions, we'll have to watch out carefully for possible side effects on running code: they seem reasonable to me, but it's possible this change might have to be backed out if problems are experienced. Reported by: src/tools/regression/security/proc_to_proc/testuid Obtained from: TrustedBSD Project
* remove truncated part from commmentalfred2001-04-121-1/+1
|
* o Make kqueue's filt_procattach() function use the error value returnedrwatson2001-04-121-2/+3
| | | | | | | | | by p_can(...P_CAN_SEE), rather than returning EACCES directly. This brings the error code used here into line with similar arrangements elsewhere, and prevents the leakage of pid usage information. Reviewed by: jlemon Obtained from: TrustedBSD Project
* o Limit process information leakage by introducing a p_can(...P_CAN_SEE...)rwatson2001-04-121-0/+2
| | | | | | in rtprio()'s RTP_LOOKIP implementation. Obtained from: TrustedBSD Project
* Correct some markupbrian2001-04-121-2/+4
| | | | Submitted by: bde
* o Reduce information leakage into jails by adding invocations ofrwatson2001-04-121-0/+9
| | | | | | | | | p_can(...P_CAN_SEE...) to getpgid(), getsid(), and setpgid(), blocking these operations on processes that should not be visible by the requesting process. Required to reduce information leakage in MAC environments. Obtained from: TrustedBSD Project
* o Expand inter-process authorization regression test to includerwatson2001-04-122-46/+58
| | | | | | | signalling with sigsegv as one of the tests. o Teach errno_to_string() about ENOTSUPP. Obtained from: TrustedBSD Project
* Activate backward-compatible prototypesache2001-04-121-2/+0
|
* Merged from options.i386 revision 1.147.kato2001-04-121-0/+7
|
* Merged from files.i386 revisions 1.359 and 1.360.kato2001-04-121-0/+18
|
OpenPOWER on IntegriCloud