Submitted by: ru

Reviewed by: ru

content, and correct the parameters to the -tag list therein.
Reviewed by: ru

Obtained from: axp-list@redhat.com / Jay.Estabrook@compaq.com

permission is in a permission set, required for third-party
applications such as Samba.
Reviewed by: rwatson
Obtained from: TrustedBSD Project

now compile/work on any POSIX.1e-compliant implementation (also tested
against the current Linux patches).
Review by: rwatson
Obtained from: TrustedBSD Project

ACL_UNDEFINED_TAG, ACL_UNDEFINED_ID, ACL_FIRST_ENTRY, ACL_NEXT_ENTRY
Reviewed by: rwatson
Obtained from: TrustedBSD Project

machines, so just hack it to disable them for now until it can be fixed.
Inspired by hair pulling of: asmodai

Obtained from: TrustedBSD Project

Obtained from: TrustedBSD Project

Add missing CMedia and Crystal Semiconductor sound chips (submitted by
orion).
Fix estimate of 5.0-RELEASE release date (submitted by dd).
ntpd(8) security fix cross-reference to SA-01:31.
Fix typo: s/maestreo3/maestro3/.

forms of debugging.
Obtained from: TrustedBSD Project

'denied AXFR', not 'unapproved AXFR'.
This is an MFC candidate.
PR: misc/26529
Submitted by: duwde@duwde.com.br

and non-P_SUGID cases, simplify p_cansignal() logic so that the
P_SUGID masking of possible signals is independent from uid checks,
removing redundant code and generally improving readability.
Reviewed by: tmm
Obtained from: TrustedBSD Project

Kernel should be compiled with options LIBMCHAIN and LIBICONV.

Remove some old junk.
Submitted by: bde

about any .c file that includes a .h, and lint produces copious
whining because of the asm ...; stuff.

invoked.

- The alpha SMP code uses an "ap boot" spinlock as well.

Submitted by: bp

of code here.

: These files use 4 space indentation, and other than in the header
: comments, should not contain any tabs.

not -tag. Instead, put a period after the error messages to aid
those using dumb terminals not capable of properly displaying markup.
Requested by: ru

Submitted by: Terry Lambert <terry@lambert.org>

the ability of unprivileged processes to deliver arbitrary signals
to daemons temporarily taking on unprivileged effective credentials
when P_SUGID is not set on the target process:
Removed:
(p1->p_cred->cr_ruid != ps->p_cred->cr_uid)
(p1->p_ucred->cr_uid != ps->p_cred->cr_uid)
o Replace two "allow this" exceptions in p_cansignal() restricting
the ability of unprivileged processes to deliver arbitrary signals
to daemons temporarily taking on unprivileged effective credentials
when P_SUGID is set on the target process:
Replaced:
(p1->p_cred->p_ruid != p2->p_ucred->cr_uid)
(p1->p_cred->cr_uid != p2->p_ucred->cr_uid)
With:
(p1->p_cred->p_ruid != p2->p_ucred->p_svuid)
(p1->p_ucred->cr_uid != p2->p_ucred->p_svuid)
o These changes have the effect of making the uid-based handling of
both P_SUGID and non-P_SUGID signal delivery consistent, following
these four general cases:
p1's ruid equals p2's ruid
p1's euid equals p2's ruid
p1's ruid equals p2's svuid
p1's euid equals p2's svuid
The P_SUGID and non-P_SUGID cases can now be largely collapsed,
and I'll commit this in a few days if no immediate problems are
encountered with this set of changes.
o These changes remove a number of warning cases identified by the
proc_to_proc inter-process authorization regression test.
o As these are new restrictions, we'll have to watch out carefully for
possible side effects on running code: they seem reasonable to me,
but it's possible this change might have to be backed out if problems
are experienced.
Submitted by: src/tools/regression/security/proc_to_proc/testuid
Reviewed by: tmm
Obtained from: TrustedBSD Project

Otherwise, "crontab -l > file; vi file; crontab file" adds an extra set
of "DO NOT EDIT" markers each and every time which is a bit silly.

which may include the -q flag.

the ability to use a preprocessor, use the -q (quiet) flag when reading
from a file). The source used is from ipfw.
Clean up exit codes while I am here.
KAME has been informed and plans on integrating these patches into their
own source as well.

ability of unprivileged processes to modify the scheduling properties
of daemons temporarily taking on unprivileged effective credentials.
These cases (p1->p_cred->p_ruid == p2->p_ucred->cr_uid) and
(p1->p_ucred->cr_uid == p2->p_ucred->cr_uid), respectively permitting
a subject process to influence the scheduling of a daemon if the subject
process has the same real uid or effective uid as the daemon's effective
uid. This removes a number of the warning cases identified by the
proc_to_proc inter-process authorization regression test.
o As these are new restrictions, we'll have to watch out carefully for
possible side effects on running code: they seem reasonable to me,
but it's possible this change might have to be backed out if problems
are experienced.
Reported by: src/tools/regression/security/proc_to_proc/testuid
Obtained from: TrustedBSD Project

by p_can(...P_CAN_SEE), rather than returning EACCES directly. This
brings the error code used here into line with similar arrangements
elsewhere, and prevents the leakage of pid usage information.
Reviewed by: jlemon
Obtained from: TrustedBSD Project

in rtprio()'s RTP_LOOKUP implementation.
Obtained from: TrustedBSD Project

Submitted by: bde

p_can(...P_CAN_SEE...) to getpgid(), getsid(), and setpgid(),
blocking these operations on processes that should not be visible
by the requesting process. Required to reduce information leakage
in MAC environments.
Obtained from: TrustedBSD Project

signalling with sigsegv as one of the tests.
o Teach errno_to_string() about ENOTSUPP.
Obtained from: TrustedBSD Project