Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
137,708 Commits 606 Branches 0 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
elad ad7b01f7d0 More veriexec changes: 
- Better organize strict level. Now we have 4 levels:
  - Level 0, learning mode: Warnings only about anything that might've
      resulted in 'access denied' or similar in a higher strict level.

  - Level 1, IDS mode:
    - Deny access on fingerprint mismatch.
    - Deny modification of veriexec tables.

  - Level 2, IPS mode:
    - All implications of strict level 1.
    - Deny write access to monitored files.
    - Prevent removal of monitored files.
    - Enforce access type - 'direct', 'indirect', or 'file'.

  - Level 3, lockdown mode:
    - All implications of strict level 2.
    - Prevent creation of new files.
    - Deny access to non-monitored files.

- Update sysctl(3) man-page with above. (date bumped too :)

- Remove FINGERPRINT_INDIRECT from possible fp_status values; it's no
  longer needed.

- Simplify veriexec_removechk() in light of new strict level policies.

- Eliminate use of 'securelevel'; veriexec now behaves according to
  its strict level only.
2005-06-17 17:46:18 +00:00
bin
Sort options (description).
2005-06-17 14:40:47 +00:00
contrib/sys
crypto
Consume NAT-T packets that have already been seen through MSG_PEEK
2005-06-15 07:29:20 +00:00
dist
gcc 2.96 requires all declarations before variable usage so the last set of
2005-06-16 22:04:24 +00:00
distrib
Install vinum(4) manpage.
2005-06-17 17:12:57 +00:00
doc
Note addition of scan_ffs(8) from OpenBSD, utility to find FFSv1/FFSv2
2005-06-15 18:08:41 +00:00
etc
Don't allow unprivileged users to access the veriexec device.
2005-06-16 15:31:21 +00:00
games
gnu
include
Make disklabel(8) and fdisk(8) into "host tools " last step: build
2005-06-12 19:46:15 +00:00
lib
More veriexec changes:
2005-06-17 17:46:18 +00:00
libexec
Add RCSID.
2005-06-14 12:18:24 +00:00
regress
rescue
sbin
Mark an sh3 gcc unitialized variable w. XXGCC
2005-06-16 20:39:33 +00:00
share
Install vinum(4) manpage.
2005-06-17 17:12:57 +00:00
sys
More veriexec changes:
2005-06-17 17:46:18 +00:00
tools
.include Makefile.disklabel in installboot, so that the
2005-06-12 20:24:14 +00:00
usr.bin
If the line being passed to the shell is a blank line and we're not in compat
2005-06-16 18:07:45 +00:00
usr.sbin
- add -D to usage
2005-06-17 12:02:00 +00:00
x11
build.sh
BUILDING
Makefile
Makefile.inc
UPDATING
Description
No description provided
3.1 GiB
Languages
C 85.3%
Roff 7.2%
Assembly 3.1%
Shell 1.7%
Makefile 1.2%
Other 0.9%