Commit Graph

19 Commits

Author SHA1 Message Date
elad 1b7133edad From marius@openbsd:
Fix an issue when scripts are executed under systrace where the argv[0]
would be normalized, and hence break scripts that depend on how they were
called.
2005-06-27 17:11:20 +00:00
elad 8ebc2e9bee From marius@openbsd:
Add an exec message so that whenever a set-uid/gid process executes a new
image which we may control, the exec does not go by unnoticed.
2005-06-26 19:58:29 +00:00
jdolecek 0e3af04f6a use native syscallnames[] array for 'aout' and 'aoutm68k' "emulations" - it's
only used for syscall name <-> number translations, and the native array
is guaranteed to be superset of the former 'aout' and 'aoutm68k' arrays

this re-adds 'aoutm68k' support, and replaces change made in 1.14

g/c #include's which are no longer needed (including aout_syscalls.c), and
also add some comments for the emulations[] array
2004-09-12 11:05:43 +00:00
jdolecek c2ce3ec2d5 constify 2004-09-12 09:25:59 +00:00
he 72ed8803cf Remove references to aoutm68k_syscalls.c, following that file's removal. 2004-09-10 18:30:20 +00:00
fvdl 84f47d78af Don't initialize an integer field with NULL. 2003-10-21 02:11:21 +00:00
cb 5f734a1850 fix a race condition between path resolution in userland
and the subsequent namei(): inform the kernel portion of
valid filenames and then disallow symlink lookups for
those filenames by means of a hook in namei().
with suggestions from provos@

also, add (currently unused) seqnr field to struct
systrace_replace, from provos@
2003-08-25 09:12:42 +00:00
provos 2268d69749 support for a new kernel message that informs userland that an in-kernel
policy has been freed.  this allows us to enforce the kernel policy size
limit for users while users are still able to execute an arbitary number
of applications;  the protocol change is backwards compatible.
2003-06-03 04:33:44 +00:00
scw f7aebc0017 Cast from register_t to void * via intptr_t. 2002-12-06 09:49:36 +00:00
provos c27faa29c9 performance improvement by omitting a redundant getcwd. 2002-11-02 19:57:02 +00:00
provos 61e8c76047 support for privilege elevation.
with privilege elevation no suid or sgid binaries are necessary any
longer.  Applications can be executed completely unprivileged. Systrace
raises the privileges for a single system call depending on the
configured policy.

Idea from discussions with Perry Metzger, Dug Song and Marcus Watts.
Approved by christos and thorpej.
2002-10-11 21:54:55 +00:00
provos 89afc325c0 predicates are part of the grammar now; in non-root case, predicates are
evaluated only once; in root case, predicates and variable expansion are
dynamic.
2002-10-08 14:49:23 +00:00
itojun b6aefbe19f sync with latest systrace in openbsd tree. improved systrace with chroot. 2002-08-28 03:52:44 +00:00
itojun 4f0c9c76b6 sync up with latest openbsd systrace.
- avoid race conditions by having seqno in ioctl
- better uid/gid tracking
- "replace" policy to replace args
- less diffs, as many of local changes were fed back to openbsd already

due to the 1st item, it was impossible for us to provide backward-compatibility
(new kernel + old bin/systrace won't work).  upgrade both.
2002-07-30 16:29:28 +00:00
thorpej 4192e0aa5a Fix an include snafu pointed out by Matt Thomas. 2002-06-18 02:55:19 +00:00
thorpej 873bb550a0 Some const poisoning. 2002-06-18 02:49:08 +00:00
thorpej 0e0062e921 * Use CPPFLAGS for preprocessor flags, not CFLAGS.
* Don't -I/sys -- that breaks cross-building.  Instead, use relative
  pathnames in netbsd-syscalls.c, similar to what kdump does.
* No need to explicitly CLEANFILES the generated lex/yacc results.
* No need to link against libl and liby.
2002-06-18 01:37:12 +00:00
thorpej 5a040ec813 The SYSTR_CLONE ioctl is gone, so don't use it. (The kernel clones
the systrace communication channel as needed.)
2002-06-18 01:25:04 +00:00
christos 5039a9e5ee Add userland portion of systrace. 2002-06-17 16:29:07 +00:00