Commit Graph

96 Commits

Author SHA1 Message Date
ad
087fdb9080 Count the number of CPUs at boot and stash in 'ncpu'. Eventually should
have each CPU register at attach, so we can figure out the topology for
the scheduler.
2007-02-15 20:32:47 +00:00
ad
b07ec3fc38 Merge newlock2 to head. 2007-02-09 21:55:00 +00:00
elad
317687e988 Don't rely on KAUTH_PROCESS_CANSEE for environment just yet,
otherwise we're allowing anyone to read the environment unless
curtain is enabled.

From yamt@.
2007-01-22 15:11:52 +00:00
elad
e0d8be4efc Move Veriexec's sysctl(9) setup routine and helper to kern_verifiedexec.c. 2006-11-27 17:45:36 +00:00
christos
df031f1edc PR/34837: Mindaguas: Add SysV SHM dynamic reallocation and locking to the
physical memory
2006-11-25 21:40:04 +00:00
christos
3f78162b5c implement kern.arandom properly, instead of lying about it and only filling
the first 4 bytes of the array with random data.
2006-11-01 22:27:43 +00:00
christos
ce42f55037 add the emulation in kinfo_proc2 2006-10-29 22:34:07 +00:00
elad
5cb38e5a6c Back out previous (p_flag2).
In 30 minutes from now Jason Thorpe will come up with an implementation
of a proplib dictionary in struct proc, so adding an int doesn't really
make any sense.
2006-10-03 16:07:12 +00:00
elad
f346fbdce9 Until we figure out the Perfect Way of adding flags to processes, add
a p_flag2. No objections on tech-kern@.

Input from simonb@, thanks!
2006-10-03 11:23:32 +00:00
dogcow
78b90930eb correct dcopyout #define for !KTRACE case. 2006-09-24 05:46:14 +00:00
manu
8a1037a46b Add a -t+S flag to ktrace for tracing activity related to sysctl. MIB
names will be displayed, with data read and written as well.
2006-09-23 22:01:04 +00:00
elad
bada0c776a Don't use KAUTH_RESULT_* where it's not applicable.
Prompted by yamt@.
2006-09-13 10:07:42 +00:00
manu
bdfbd98ac1 When getting the program argument or environment string, we previously
assumed that all the strings were stored in a row, separated by NUL chars,
at the address pointed to by argv[0] (or envp[0]).

This was wrong: if the program changed argv[0], we still read the
first string correctly, but the next strings contained unexpected data.

The fix: read the whole argv (or envp) array, then copy the strings one by
one, using their addresses in argv (or envp).
2006-09-10 05:46:02 +00:00
elad
5f7169ccb1 First take at security model abstraction.
- Add a few scopes to the kernel: system, network, and machdep.

- Add a few more actions/sub-actions (requests), and start using them as
  opposed to the KAUTH_GENERIC_ISSUSER place-holders.

- Introduce a basic set of listeners that implement our "traditional"
  security model, called "bsd44". This is the default (and only) model we
  have at the moment.

- Update all relevant documentation.

- Add some code and docs to help folks who want to actually use this stuff:

  * There's a sample overlay model, sitting on-top of "bsd44", for
    fast experimenting with tweaking just a subset of an existing model.

    This is pretty cool because it's *really* straightforward to do stuff
    you had to use ugly hacks for until now...

  * And of course, documentation describing how to do the above for quick
    reference, including code samples.

All of these changes were tested for regressions using a Python-based
testsuite that will be (I hope) available soon via pkgsrc. Information
about the tests, and how to write new ones, can be found on:

	http://kauth.linbsd.org/kauthwiki

NOTE FOR DEVELOPERS: *PLEASE* don't add any code that does any of the
following:

  - Uses a KAUTH_GENERIC_ISSUSER kauth(9) request,
  - Checks 'securelevel' directly,
  - Checks a uid/gid directly.

(or if you feel you have to, contact me first)

This is still work in progress; it's far from being done, but now it'll
be a lot easier.

Relevant mailing list threads:

http://mail-index.netbsd.org/tech-security/2006/01/25/0011.html
http://mail-index.netbsd.org/tech-security/2006/03/24/0001.html
http://mail-index.netbsd.org/tech-security/2006/04/18/0000.html
http://mail-index.netbsd.org/tech-security/2006/05/15/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/01/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/25/0000.html

Many thanks to YAMAMOTO Takashi, Matt Thomas, and Christos Zoulas for help
stabilizing kauth(9).

Full credit for the regression tests, making sure these changes didn't break
anything, goes to Matt Fleming and Jaime Fournier.

Happy birthday Randi! :)
2006-09-08 20:58:56 +00:00
manu
9f294e2262 When collecting a 32-bit process' argument or environment vector, we need
to convert 32-bit pointers to the 64-bit environment.
2006-09-08 11:59:52 +00:00
dogcow
c959b3c4bd at the request of elad, as veriexec.h has returned, revert the changes
from 2006-07-25.
2006-07-26 09:33:57 +00:00
dogcow
cc44d2fe07 mechanically go through and
s,include "veriexec.h",include <sys/verified_exec.h>,
as the former has apparently gone away.
2006-07-25 00:23:06 +00:00
elad
5d611badde some fixes:
- adapt to NVERIEXEC in init_sysctl.c.
  - we now need "veriexec.h" for NVERIEXEC.
  - "opt_verified_exec.h" -> "opt_veriexec.h", and include it only where
    it is needed.
2006-07-24 16:37:28 +00:00
ad
f474dceb13 Use the LWP cached credentials where sane. 2006-07-23 22:06:03 +00:00
ad
2af3d29e01 - Don't cast kauth_cred_t to (struct ucred *), just set pc_ucred = NULL.
- Fill ucred::cr_ref.
2006-07-17 14:47:02 +00:00
elad
d4410e6fde CURTAIN() -> KAUTH_GENERIC_CANSEE. 2006-07-16 20:21:42 +00:00
elad
1c8d298b89 move security.setid_core.* to kern.coredump.setid.*, as requested by yamt@. 2006-07-14 21:55:19 +00:00
christos
ece76dd170 Don't leak memory on success. Allocate only the type of struct that we'll
need for efficiency.
2006-06-21 13:46:17 +00:00
christos
709b2e6f55 don't allocate too much stuff on the stack. 2006-06-20 03:20:44 +00:00
yamt
7b37f4549b sysctl_security_setidcorename: don't allocate MAXPATHLEN bytes on stack. 2006-06-17 06:54:58 +00:00
yamt
f755e9e9b8 remove unnecessary arguments from kauth_authorize_process.
i.e. make it similar to the one found in the Apple TN.
2006-06-13 13:56:50 +00:00
yamt
c1e6396657 sysctl_kern_file, sysctl_kern_file2: don't abuse kauth_authorize_process
for non-process objects.
2006-06-13 13:52:06 +00:00
yamt
52e88e8188 sysctl_kern_file2: fix an indent. 2006-06-13 13:23:03 +00:00
elad
215bd95ba4 integrate kauth. 2006-05-14 21:15:11 +00:00
elad
7ee081e4bd Move securelevel-specific stuff to its own file. 2006-04-17 03:39:39 +00:00
blymn
3c0adb7d99 Make i/o statistics collection more generic, include tape drives and
nfs mounts in the set of devices that statistics will be reported on.
2006-04-14 13:09:05 +00:00
christos
dfabd062ab PR/32809: Pavel Cahyna: Conflicting flags in l_flag and p_flag are causing
ps(1) to print incorrect information. Annotate the flags in the header files
to make sure that flags are not being re-used and move flags so that there
are no conflicts.
2006-04-01 00:57:34 +00:00
erh
0cccd65efb When DIAGNOSTIC is defined, provide a kern.panic_now sysctl to conveniently
and reliably panic the system.
2006-03-26 20:07:21 +00:00
yamt
ec5a93183a merge yamt-uio_vmspace branch.
- use vmspace rather than proc or lwp where appropriate.
  the latter is more natural to specify an address space.
  (and less likely to be abused for random purposes.)
- fix a swdmover race.
2006-03-01 12:38:10 +00:00
yamt
5a3e361753 for some random places, use PNBUF_GET/PUT rather than
- on-stack buffer
- malloc(MAXPATHLEN)
2006-02-04 12:09:50 +00:00
elad
4a302fa004 implement a security.setid_core node as discussed on tech-kern@ and
tech-security@.
2006-02-02 17:48:51 +00:00
elad
2f934347d3 remove security node sysctl objects; they are now created using CTL_CREATE. 2006-01-27 03:14:56 +00:00
perry
144515ce1a u_intN_t -> uintN_t 2005-12-26 18:41:36 +00:00
christos
95e1ffb156 merge ktrace-lwp. 2005-12-11 12:16:03 +00:00
christos
184ad089a7 - make settime take timespec.
- avoid wrapping of time in settime.
- pass struct proc down so that we can log a detailed message.
2005-12-05 00:16:33 +00:00
yamt
c610dbbdc2 sysctl_kern_proc_args: don't assume that the process is
resident while we are sleeping.
2005-10-08 06:35:56 +00:00
elad
bc433a82fb Implement curtain in KERN_{PROC,PROC2,FILE,FILE2,PROC_ARGS}.
While I'm here, disable curtain by default.
2005-09-07 17:30:07 +00:00
elad
ec14f2d11e Introduce ``security.curtain'', new node for security features and
settings, and new variable for controlling access to objects based
on user-id.
2005-09-07 16:26:15 +00:00
rpaulo
f305bcafe3 Implement kern.hardclock_ticks. 2005-09-06 02:36:17 +00:00
simonb
fbcb9c4760 Fix a tyop in a comment. 2005-08-24 16:00:54 +00:00
blymn
01d37a82c0 Remove the tape stats from here, they caused issues on non-scsipi
architectures.
2005-08-13 10:48:27 +00:00
blymn
c0065dc0df Don't include tape stats functions if no devices configured. 2005-08-08 12:12:30 +00:00
blymn
ad6c334dcd Add tape statistics gathering functions. 2005-08-07 12:28:34 +00:00
elad
753edff337 #ifdef VERIFIED_EXEC 2005-07-29 14:49:00 +00:00
christos
1510fe1543 defopt verified_exec. 2005-07-16 22:47:18 +00:00