Commit Graph

12 Commits

Author SHA1 Message Date
provos 2244ab26a9 allow underscores in usernames 2003-11-18 05:28:05 +00:00
provos 5edbacc575 escape \n and \r, too 2003-08-01 06:15:02 +00:00
provos c57cb7fe98 escape " and \ to \" and \\; with the help of marius@monkey.org; 2003-06-03 01:20:06 +00:00
provos bd80d3ced7 permit numberic values for uid and gid; allow "<" and ">" for less and
greater; requested by dugsong
2003-05-20 22:45:13 +00:00
provos a2468a8d04 new "ask" action. creates a new rule that prompts the user for an
action but allows only yes or no answer.  inspired from talking
with dugsong@monkey
2003-03-25 23:17:29 +00:00
provos 695ad5ee17 add support for regular expressions to be more flexible with policy string
matching.
2002-11-02 20:04:20 +00:00
provos e9ac78c504 allow empty string 2002-10-29 15:44:38 +00:00
provos 61e8c76047 support for privilege elevation.
with privilege elevation no suid or sgid binaries are necessary any
longer.  Applications can be executed completely unprivileged. Systrace
raises the privileges for a single system call depending on the
configured policy.

Idea from discussions with Perry Metzger, Dug Song and Marcus Watts.
Approved by christos and thorpej.
2002-10-11 21:54:55 +00:00
provos 89afc325c0 predicates are part of the grammar now; in non-root case, predicates are
evaluated only once; in root case, predicates and variable expansion are
dynamic.
2002-10-08 14:49:23 +00:00
itojun b6aefbe19f sync with latest systrace in openbsd tree. improved systrace with chroot. 2002-08-28 03:52:44 +00:00
itojun 4f0c9c76b6 sync up with latest openbsd systrace.
- avoid race conditions by having seqno in ioctl
- better uid/gid tracking
- "replace" policy to replace args
- less diffs, as many of local changes were fed back to openbsd already

due to the 1st item, it was impossible for us to provide backward-compatibility
(new kernel + old bin/systrace won't work).  upgrade both.
2002-07-30 16:29:28 +00:00
christos 5039a9e5ee Add userland portion of systrace. 2002-06-17 16:29:07 +00:00