path: root/sys
Commit message | Author | Age | Files | Lines
* Fix an off-by-2 error in periphdriver_register(). The read side of the
  bcopy would go off the end of the array by two elements, which sometimes
  causes a panic if it happens to cross into a page that isn't mapped.
  Submitted by: gibbs
  Reviewed by: peter
  [Author: ken | Age: 2001-04-16 | Files: 1 | Lines: -1/+1]
* Move the isa parts to a separate file.
  [Author: jhay | Age: 2001-04-16 | Files: 6 | Lines: -2447/+6]
* Update to the 2001-04-02 version of the nanokernel code from Dave Mills.
  [Author: jhay | Age: 2001-04-16 | Files: 2 | Lines: -24/+30]
* Merged from sys/i386/isa/npx.c revision 1.95.
  [Author: kato | Age: 2001-04-16 | Files: 1 | Lines: -1/+1]
* Merged from sys/conf/options.i386 revision 1.148.
  [Author: kato | Age: 2001-04-16 | Files: 1 | Lines: -2/+2]
* Turn on kernel debugging support (DDB, INVARIANTS, INVARIANT_SUPPORT, WITNESS)
  by default while SMPng is still being developed.
  Submitted by: jhb
  [Author: obrien | Age: 2001-04-15 | Files: 6 | Lines: -6/+42]
* use TAILQ_FOREACH, fix a comment's location
  [Author: alfred | Age: 2001-04-15 | Files: 3 | Lines: -15/+6]
* Call strlen() once instead of twice.
  [Author: brian | Age: 2001-04-14 | Files: 1 | Lines: -2/+2]
* Back out wrapping the asm ... ; bits in #ifndef lint macros. There
  are some good reasons for not doing this, even if the linting of the
  code breaks.
  1) If lint were ever to understand the stuff inside the macros, that
     would break the checks.
  2) There are ways to use __GNUC__ to exclude overly specific code.
  3) (Not yet practical) Lint(1) needs to properly understand all of
     the code we actually run.
  Complained about by: bde
  Education by: jake, jhb, eivind
  [Author: markm | Age: 2001-04-14 | Files: 1 | Lines: -6/+0]
* The VIA 586 chip does UDMA from rev 0x3 onwards.
  MFC candidate!
  [Author: sos | Age: 2001-04-14 | Files: 1 | Lines: -1/+1]
* Update to describe use of mdconfig instead of deprecated vnconfig.
  Submitted by: Steve Ames <steve@virtual-voodoo.com>
  [Author: mckusick | Age: 2001-04-14 | Files: 1 | Lines: -3/+3]
* dgm now builds as a module
  [Author: brian | Age: 2001-04-14 | Files: 2 | Lines: -1/+9]
* New-busify and ansify.
  I've cleaned up a bit of the formatting here, but it's still a long
  way from style(9).
  [Author: brian | Age: 2001-04-14 | Files: 1 | Lines: -895/+1061]
* This checkin adds support in ufs/ffs for the FS_NEEDSFSCK flag.
  It is described in ufs/ffs/fs.h as follows:

    /*
     * Filesystem flags.
     *
     * Note that the FS_NEEDSFSCK flag is set and cleared only by the
     * fsck utility. It is set when background fsck finds an unexpected
     * inconsistency which requires a traditional foreground fsck to be
     * run. Such inconsistencies should only be found after an uncorrectable
     * disk error. A foreground fsck will clear the FS_NEEDSFSCK flag when
     * it has successfully cleaned up the filesystem. The kernel uses this
     * flag to enforce that inconsistent filesystems be mounted read-only.
     */
    #define FS_UNCLEAN    0x01 /* filesystem not clean at mount */
    #define FS_DOSOFTDEP  0x02 /* filesystem using soft dependencies */
    #define FS_NEEDSFSCK  0x04 /* filesystem needs sync fsck before mount */

  [Author: mckusick | Age: 2001-04-14 | Files: 3 | Lines: -8/+19]
* Add acl_get_perm_np(3), a non-portable function to check if a
  permission is in a permission set, required for third-party
  applications such as Samba.
  Reviewed by: rwatson
  Obtained from: TrustedBSD Project
  [Author: jedgar | Age: 2001-04-13 | Files: 1 | Lines: -0/+1]
* Add the remaining POSIX.1e ACL definitions:
  ACL_UNDEFINED_TAG, ACL_UNDEFINED_ID, ACL_FIRST_ENTRY, ACL_NEXT_ENTRY
  Reviewed by: rwatson
  Obtained from: TrustedBSD Project
  [Author: jedgar | Age: 2001-04-13 | Files: 1 | Lines: -7/+20]
* People are still having problems with i586_* on UP machines and SMP
  machines, so just hack it to disable them for now until it can be fixed.
  Inspired by hair pulling of: asmodai
  [Author: jhb | Age: 2001-04-13 | Files: 3 | Lines: -3/+3]
* o Since uid checks in p_cansignal() are now identical between P_SUGID
    and non-P_SUGID cases, simplify p_cansignal() logic so that the
    P_SUGID masking of possible signals is independent from uid checks,
    removing redundant code and generally improving readability.
  Reviewed by: tmm
  Obtained from: TrustedBSD Project
  [Author: rwatson | Age: 2001-04-13 | Files: 1 | Lines: -28/+14]
* Add smbfs module. Currently it includes smbfs, netsmb and DES parts.
  Kernel should be compiled with options LIBMCHAIN and LIBICONV.
  [Author: bp | Age: 2001-04-13 | Files: 2 | Lines: -1/+63]
* Move VT_SMBFS definition to the proper place. Undefine VI_LOCK/VI_UNLOCK.
  [Author: bp | Age: 2001-04-13 | Files: 2 | Lines: -8/+1]
* if/panic -> KASSERT
  [Author: alfred | Age: 2001-04-13 | Files: 1 | Lines: -7/+8]
* All NETSMB* options should use opt_netsmb.h file (the joy of multiple repos).
  [Author: bp | Age: 2001-04-13 | Files: 1 | Lines: -2/+2]
* This file also depends on sys/types.h and sys/ioccom.h.
  Remove some old junk.
  Submitted by: bde
  [Author: bp | Age: 2001-04-13 | Files: 1 | Lines: -7/+6]
* protect pbufs and associated counts with a mutex
  [Author: alfred | Age: 2001-04-13 | Files: 3 | Lines: -2/+14]
* use %p for pointer printf, include sys/systm.h for printf proto
  [Author: alfred | Age: 2001-04-13 | Files: 1 | Lines: -6/+7]
* convert if/panic -> KASSERT, explain what triggered the assertion
  [Author: alfred | Age: 2001-04-13 | Files: 1 | Lines: -2/+4]
* Make this more lint-friendly. This file seems to be invoked in just
  about any .c file that includes a .h, and lint produces copious
  whining because of the asm ...; stuff.
  [Author: markm | Age: 2001-04-13 | Files: 1 | Lines: -4/+10]
* Generate useful error messages.
  [Author: murray | Age: 2001-04-13 | Files: 1 | Lines: -4/+4]
* Handle a rare but fatal race invoked sometimes when SIGSTOP is
  invoked.
  [Author: markm | Age: 2001-04-13 | Files: 2 | Lines: -2/+2]
* - Add a comment at the start of the spin locks list.
  - The alpha SMP code uses an "ap boot" spinlock as well.
  [Author: jhb | Age: 2001-04-13 | Files: 1 | Lines: -1/+4]
* Use a macro wrapper over printf along with KASSERT to reduce the amount
  of code here.
  [Author: alfred | Age: 2001-04-13 | Files: 1 | Lines: -40/+15]
* Make SOMAXCONN a kernel option.
  Submitted by: Terry Lambert <terry@lambert.org>
  [Author: alfred | Age: 2001-04-13 | Files: 2 | Lines: -0/+3]
* o Disallow two "allow this" exceptions in p_cansignal() restricting
    the ability of unprivileged processes to deliver arbitrary signals
    to daemons temporarily taking on unprivileged effective credentials
    when P_SUGID is not set on the target process:
    Removed:
      (p1->p_cred->cr_ruid != ps->p_cred->cr_uid)
      (p1->p_ucred->cr_uid != ps->p_cred->cr_uid)
  o Replace two "allow this" exceptions in p_cansignal() restricting
    the ability of unprivileged processes to deliver arbitrary signals
    to daemons temporarily taking on unprivileged effective credentials
    when P_SUGID is set on the target process:
    Replaced:
      (p1->p_cred->p_ruid != p2->p_ucred->cr_uid)
      (p1->p_cred->cr_uid != p2->p_ucred->cr_uid)
    With:
      (p1->p_cred->p_ruid != p2->p_ucred->p_svuid)
      (p1->p_ucred->cr_uid != p2->p_ucred->p_svuid)
  o These changes have the effect of making the uid-based handling of
    both P_SUGID and non-P_SUGID signal delivery consistent, following
    these four general cases:
      p1's ruid equals p2's ruid
      p1's euid equals p2's ruid
      p1's ruid equals p2's svuid
      p1's euid equals p2's svuid
    The P_SUGID and non-P_SUGID cases can now be largely collapsed,
    and I'll commit this in a few days if no immediate problems are
    encountered with this set of changes.
  o These changes remove a number of warning cases identified by the
    proc_to_proc inter-process authorization regression test.
  o As these are new restrictions, we'll have to watch out carefully for
    possible side effects on running code: they seem reasonable to me,
    but it's possible this change might have to be backed out if problems
    are experienced.
  Submitted by: src/tools/regression/security/proc_to_proc/testuid
  Reviewed by: tmm
  Obtained from: TrustedBSD Project
  [Author: rwatson | Age: 2001-04-13 | Files: 1 | Lines: -5/+3]
* o Disable two "allow this" exceptions in p_cansched() restricting the
    ability of unprivileged processes to modify the scheduling properties
    of daemons temporarily taking on unprivileged effective credentials.
    These cases (p1->p_cred->p_ruid == p2->p_ucred->cr_uid) and
    (p1->p_ucred->cr_uid == p2->p_ucred->cr_uid), respectively permitting
    a subject process to influence the scheduling of a daemon if the
    subject process has the same real uid or effective uid as the daemon's
    effective uid. This removes a number of the warning cases identified
    by the proc_to_proc inter-process authorization regression test.
  o As these are new restrictions, we'll have to watch out carefully for
    possible side effects on running code: they seem reasonable to me,
    but it's possible this change might have to be backed out if problems
    are experienced.
  Reported by: src/tools/regression/security/proc_to_proc/testuid
  Obtained from: TrustedBSD Project
  [Author: rwatson | Age: 2001-04-12 | Files: 1 | Lines: -1/+4]
* remove truncated part from comment
  [Author: alfred | Age: 2001-04-12 | Files: 1 | Lines: -1/+1]
* o Make kqueue's filt_procattach() function use the error value returned
    by p_can(...P_CAN_SEE), rather than returning EACCES directly. This
    brings the error code used here into line with similar arrangements
    elsewhere, and prevents the leakage of pid usage information.
  Reviewed by: jlemon
  Obtained from: TrustedBSD Project
  [Author: rwatson | Age: 2001-04-12 | Files: 1 | Lines: -2/+3]
* o Limit process information leakage by introducing a p_can(...P_CAN_SEE...)
    in rtprio()'s RTP_LOOKIP implementation.
  Obtained from: TrustedBSD Project
  [Author: rwatson | Age: 2001-04-12 | Files: 1 | Lines: -0/+2]
* o Reduce information leakage into jails by adding invocations of
    p_can(...P_CAN_SEE...) to getpgid(), getsid(), and setpgid(),
    blocking these operations on processes that should not be visible
    by the requesting process. Required to reduce information leakage
    in MAC environments.
  Obtained from: TrustedBSD Project
  [Author: rwatson | Age: 2001-04-12 | Files: 1 | Lines: -0/+9]
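* Merged from options.i386 revision 1.147.
  [Author: kato | Age: 2001-04-12 | Files: 1 | Lines: -0/+7]
* Merged from files.i386 revisions 1.359 and 1.360.
  [Author: kato | Age: 2001-04-12 | Files: 1 | Lines: -0/+18]
* Regen.
  [Author: n_hibma | Age: 2001-04-12 | Files: 2 | Lines: -17/+84]
* TDK ids
  Submitted by: Hidetoshi Shimokawa <simokawa@sat.t.u-tokyo.ac.jp>
  [Author: n_hibma | Age: 2001-04-12 | Files: 1 | Lines: -1/+8]
* From NetBSD
  [Author: n_hibma | Age: 2001-04-12 | Files: 1 | Lines: -5/+11]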
* o Replace p_cankill() with p_cansignal(), remove wrappage of p_can()
    from signal authorization checking.
  o p_cansignal() takes three arguments: subject process, object process,
    and signal number, unlike p_cankill(), which only took into account
    the processes and not the signal number, improving the abstraction
    such that CANSIGNAL() from kern_sig.c can now also be eliminated;
    previously CANSIGNAL() special-cased the handling of SIGCONT based
    on process session. privused is now deprecated.
  o The new p_cansignal() further limits the set of signals that may be
    delivered to processes with P_SUGID set, and restructures the access
    control check to allow it to be extended more easily.
  o These changes take into account work done by the OpenBSD Project,
    as well as by Robert Watson and Thomas Moestl on the TrustedBSD
    Project.
  Obtained from: TrustedBSD Project
  [Author: rwatson | Age: 2001-04-12 | Files: 3 | Lines: -43/+75]
* Fix minor typo in comment. 112x -> 12xx
  [Author: imp | Age: 2001-04-11 | Files: 2 | Lines: -2/+2]
* Don't reference a node after we dropped a reference to it
  (same as in previous checkin, but in a different function).
  [Author: archie | Age: 2001-04-11 | Files: 1 | Lines: -1/+2]
* Pull constants from netsmb/smb.h.
  [Author: bp | Age: 2001-04-11 | Files: 1 | Lines: -0/+2]
* Add IBM3765 to newcard's pcic pnp device list
  [Author: imp | Age: 2001-04-11 | Files: 1 | Lines: -2/+3]
* o Regenerated following introduction of __setugid() system call for
    "options REGRESSION".
  Obtained from: TrustedBSD Project
  [Author: rwatson | Age: 2001-04-11 | Files: 6 | Lines: -8/+17]
* o Introduce a new system call, __setsugid(), which allows a process to
    toggle the P_SUGID bit explicitly, rather than relying on it being
    set implicitly by other protection and credential logic. This feature
    is introduced to support inter-process authorization regression
    testing by simplifying userland credential management allowing the
    easy isolation and reproduction of authorization events with specific
    security contexts. This feature is enabled only by "options
    REGRESSION" and is not intended to be used by applications. While
    the feature is not known to introduce security vulnerabilities, it
    does allow processes to enter previously inaccessible parts of the
    credential state machine, and is therefore disabled by default. It
    may not constitute a risk, and therefore in the future pending
    further analysis (and appropriate need) may become a published
    interface.
  Obtained from: TrustedBSD Project
  [Author: rwatson | Age: 2001-04-11 | Files: 2 | Lines: -0/+24]