Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
112,190 Commits 606 Branches 0 Tags 3.1 GiB
60ec1171ef
Commit Graph

76 Commits

Author SHA1 Message Date
provos
4a6e1b3b24 fix EOF on input bug; from mpech@prosoft 2003-04-23 17:44:59 +00:00
wiz
8dda1d8092 Use Dq and Sq. Drop a trailing space. 2003-04-16 10:17:26 +00:00
itojun
a18a285e73 need 11 chars for %u. Peter Valchev 2003-04-16 08:07:51 +00:00
provos
7685de2195 use LOGIN_NAME_MAX instead of MAXLOGNAME; closes pr/21048 2003-04-09 17:50:08 +00:00
atatat
55a73f6d52 mdkdir -> mkdir 2003-03-26 17:00:57 +00:00
provos
e3cb39834b mention "parse error" on stdout for interactive policy generation 2003-03-26 03:40:02 +00:00
provos
a2468a8d04 new "ask" action. creates a new rule that prompts the user for an 
action but allows only yes or no answer.  inspired from talking
with dugsong@monkey
 2003-03-25 23:17:29 +00:00
provos
5173f83708 recognize process group pid 2003-03-25 23:15:22 +00:00
provos
488a952788 better -c parsing; from camiel@sentia 2003-03-25 23:04:48 +00:00
provos
66570390e4 More details and a few improvement for style. from ian@darwinsys 2003-03-25 23:00:05 +00:00
provos
2b37f26aed mkdir requires unlinkname as a translator; unlinkname does not return 
<non-existent filename> errors any longer.
 2003-03-25 22:58:24 +00:00
provos
f605994ea3 rename was using an incorrect translation. 2003-03-25 22:54:59 +00:00
provos
887e433ee2 bug in profile feedback optimization; found by dirt@monkey 2003-03-25 22:48:42 +00:00
provos
4ff1bfdbd5 allow logging for untranslated syscalls; from anil@recoil.org 2002-12-15 19:05:31 +00:00
scw
f7aebc0017 Cast from register_t to void * via intptr_t. 2002-12-06 09:49:36 +00:00
thorpej
5759456a18 Avoid confict with reserved identifier "log". 2002-12-06 01:43:18 +00:00
provos
fec70f4a84 typos; fgsch@olimpo.com.br 2002-12-05 19:33:39 +00:00
provos
e9f87b6c2c better parsing of # comments 2002-12-04 03:19:05 +00:00
provos
da50ee4397 prevent attempt to use in-kernel fastpath for aliased system calls. 2002-11-25 06:25:09 +00:00
provos
048da773ed error messages need to go to stderr 2002-11-23 17:42:45 +00:00
provos
49d6b23841 check for trans_size is not needed. 2002-11-15 21:36:25 +00:00
provos
695ad5ee17 add support for regular expressions to be more flexible with policy string 
matching.
 2002-11-02 20:04:20 +00:00
provos
c27faa29c9 performance improvement by omitting a redundant getcwd. 2002-11-02 19:57:02 +00:00
provos
98c03e54fd register pidname and signame translation for kill(2) 2002-11-02 19:49:21 +00:00
provos
c989923700 rename exported variables to avoid name space polution. 2002-11-02 19:43:27 +00:00
provos
e93fe1e2ba NULL to 0; from navin@gdit.iiit.net 2002-11-02 16:27:46 +00:00
itojun
8b5e86873c typo, reported by avsm@openbsd 2002-10-31 23:01:27 +00:00
provos
5f7d4eab6c fix bug in determining execve name 2002-10-30 17:39:34 +00:00
provos
e9ac78c504 allow empty string 2002-10-29 15:44:38 +00:00
provos
4df7def23e missing break; from grange@rt.mipt.ru 2002-10-28 16:50:05 +00:00
jdolecek
196f994fd8 use .Nx 2.0 consistently in HISTORY section 
add .\" NEXTRELEASE tag before the .Nx to make it possible to quickly
  find version references in case this would need to be changed
 2002-10-23 09:44:35 +00:00
provos
04a469212b cleanup 2002-10-17 04:45:04 +00:00
itojun
553d79070e \n before new sentence. 2002-10-16 14:58:33 +00:00
itojun
e8745f23b6 sync better w/ openbsd tree (cosmetic) 2002-10-16 14:56:11 +00:00
provos
690d7c3ad0 fix type; its "as :group" 2002-10-11 23:31:00 +00:00
provos
61e8c76047 support for privilege elevation. 
with privilege elevation no suid or sgid binaries are necessary any
longer.  Applications can be executed completely unprivileged. Systrace
raises the privileges for a single system call depending on the
configured policy.

Idea from discussions with Perry Metzger, Dug Song and Marcus Watts.
Approved by christos and thorpej.
 2002-10-11 21:54:55 +00:00
provos
931062ce16 translation for socket system call 2002-10-11 04:40:11 +00:00
provos
1b3623c27a correctly evaluate group predicates 2002-10-10 14:06:30 +00:00
provos
306becc9b9 add A to usage; noted by nickus@mpi-cbg.de 2002-10-08 14:50:57 +00:00
provos
89afc325c0 predicates are part of the grammar now; in non-root case, predicates are 
evaluated only once; in root case, predicates and variable expansion are
dynamic.
 2002-10-08 14:49:23 +00:00
itojun
ed21532463 "output" is a pointer of size "outlen", so use outlen instead of 
sizeof(output)

From: "Vincent Labrecque" <vincent@psyfreaks.ca>
 2002-10-08 02:47:59 +00:00
provos
4b7278c7f2 use FNM_LEADING_DIR 2002-10-06 03:16:25 +00:00
provos
9008ac33c8 assume that inserting a template implies permit for the current syscall 2002-10-06 01:28:55 +00:00
provos
a79af4d624 fix return value; from marius@umich.edu 2002-09-28 17:56:54 +00:00
wiz
14dfaa4b03 New policy: New sentences start on a new line. 
Patches by Robert Elz <kre at munnari oz au>, with minimal changes by me.
 2002-09-25 15:18:36 +00:00
itojun
d584f0a0fc support for templates. they allow fast generation of new policies. an 
appropriate template can be inserted during initial policy generation.
from provos
 2002-09-23 04:35:41 +00:00
itojun
ca5a36677b split white space and single line policy processing into separate 
functions.  from provos
 2002-09-17 05:07:21 +00:00
itojun
0b2d2fe3d7 daemon should not change the directory. from provos 2002-09-17 04:54:36 +00:00
itojun
c1261b4aff periodically save policies that have been modified. from provos 
>here is a diff that will cause systrace to periodically save policies
>that have been modified.  Useful if you run systrace on an xterm and
>kill it accidently.  Or other applications like opera that are long
>running and can cause weird crashes.
 2002-09-16 04:31:46 +00:00
itojun
c81b949059 allow # in system call name. remove trailing white space. 
from provos
 2002-08-30 17:09:31 +00:00