src - OpenBSD base system

Age	Commit message (Collapse)	Author
2006-09-19	Use S_IS* macros insted of masking with S_IF* flags. The latter may	Otto Moerbeek
	have multiple bits set, which leads to surprising results. Spotted by/partly from Paul Stoeber, more to come. ok ho@ miod@ hshoexer@
2006-07-02	sync with systrace 1.6d, keeping local changes	Nikolay Sturm
	tests and feedback by a few
2006-04-26	ARGSUSED and a FALLTHROUGH to please lint	Nikolay Sturm
	ok deraadt
2006-03-06	convert permanent privilege revocation to use setresuid/setresgid;	Damien Miller
	ok henning@
2004-07-07	fix an issue when scripts are exec'd under systrace where	marius eriksen
	the argv[0] would be normalized, and hence break scripts that depend on how they were called. this fixes an issue in the ports builds. ok provos@ deraadt@; lots of testing during hackathon sturm@ naddy@
2004-06-24	if we have detached after an exec, bail out early, and avoid a double free.	marius eriksen
	ok provos@, "works fine" sturm@
2004-06-23	a few fixes to systrace	marius eriksen
	- add an exec message so that whenever a set-uid/gid process exec's a new image which we may control, the exec does not go by unnoticed. - take special care to check for P_SUGIDEXEC as well as P_SUGID, corresponding to the same changes that were made in the ptrace code a while ago ok niels@, sturm@; thanks to naddy for testing
2004-03-30	if a string considered a filename is too long, don't exit but just let	Nikolay Sturm
	the syscall fail, it might not actually be a filename fixes pr 3140, ok provos@
2004-01-30	The empty filename does not receive normalization.	Nikolay Sturm
	System calls are supposed to fail on it. from provos@, ok markus@
2003-10-18	typos from Jared Yanovich;	Jason McIntyre

2003-10-08	originally from cb@openbsd.org, adapted by provos	Nikolay Sturm
	itojun@ ok fix a race condition between path resolution in userland and the subsequent namei(): inform the kernel portion of valid filenames and then disallow symlink lookups for those filenames by means of a hook in namei(). with suggestions from provos@ also, add (currently unused) seqnr field to struct systrace_replace, from provos@
2003-08-04	several diffs from Niels as applied to NetBSD	Nikolay Sturm
	monkey.org/NetBSD commit messages: - get rid of retarded CWD handling. CWD is fixed to the CWD of the systrace that started everything. - normalize file name function - normalize CWD for cases where CWD has a symlink in it. should solve problems where CWD policies would not match. - avoid warning due to name collision. - fixed contrived race condition during attachment; from marius@monkey.org itojun@ ok
2003-07-19	- sync with NetBSD or Niels' tarball where appropriate	Nikolay Sturm
	- keeps local changes - fixes a bug in profile feedback optimization and avoids symbol conflicts with errno - new feature: "ask" action itojun@ ok
2003-06-16	- limited number of processes per systrace	Jun-ichiro itojun Hagino
	- escape fixes for special characters markus, sturm ok. from provos
2003-05-17	pull in a bugfix from systrace-current to let systrace deal with creating	Nikolay Sturm
	directories correctly OK itojun@, thanks to niels for the help
2003-02-20	Fix a crash in the systrace found by form@	Artur Grabowski
	One is a kernel fix that changes the lockin and one is a userland fix that prevents dereferencing a freed pointer. From provos deraadt@ ok
2002-12-09	prevent the use of permit for aliases. from provos	Jun-ichiro itojun Hagino

2002-11-26	performance improvement by omitting a redundant getcwd.	Jun-ichiro itojun Hagino
	from provos
2002-11-12	fix bug in determining execve name. from provos	Jun-ichiro itojun Hagino

2002-10-17	little cleanup (intercept_getpid dies within the function on error).	Jun-ichiro itojun Hagino
	from provos
2002-10-16	support for privilege elevation.	Jun-ichiro itojun Hagino
	with privilege elevation no suid or sgid binaries are necessary any longer. Applications can be executed completely unprivileged. Systrace raises the privileges for a single system call depending on the configured policy. Idea from discussions with Perry Metzger, Dug Song and Marcus Watts. from provos
2002-10-09	predicates are part of the grammar now; in non-root case, predicates are	Jun-ichiro itojun Hagino
	evaluated only once; in root case, predicates and variable expansion are dynamic. from provos
2002-09-17	daemon should not change the directory. from provos	Jun-ichiro itojun Hagino

2002-09-06	standalone ; at top scope is illegal in ansi c	Theo de Raadt

2002-08-28	fix systrace with chroot. from provos	Jun-ichiro itojun Hagino

2002-08-08	if getcwd fails and we continue dont restcwd.	Niels Provos

2002-08-07	deal better with interrupted system calls	Niels Provos

2002-08-05	uid and gid are not guaranteed to be aligned on a register_t sized boundary.	Jason Wright
	Use a temporary location and then copy the value into place. provos ok.
2002-08-05	increase buffer size for getstring, useful for execve arguments.	Niels Provos
	intercept_filename deals better with symlinked last component lookups. change some translations to use unlinkname.
2002-08-04	keep track of ppid and allow matching rules to be logged via syslog.	Niels Provos

2002-08-02	performance improvement, reduces number of ioctl calls	Niels Provos

2002-08-01	correctly separate execve argv arguments. increase buffer size for	Niels Provos
	get_string
2002-08-01	the last component in a filename for unlink may be a symlink	Niels Provos

2002-07-30	sometimes no-return syscalls (execve) emit errno < 0. ignore them.	Jun-ichiro itojun Hagino

2002-07-30	solve a problem with realpath when the last component of the path is	Niels Provos
	a directory without S_IXUSR; tested by me and dugsong.
2002-07-22	add seqnr to message from kernel, userland needs to quote correct seqnr.	Niels Provos
	avoids problems where tsleep has been interrupted by a signal.
2002-07-19	constify, have missing prototypes, use pedantic compilation options.	Jun-ichiro itojun Hagino
	niels ok
2002-07-16	internal uid/gid tracking. permit can not detach systrace, useful for	Niels Provos
	sshd.
2002-07-12	some clean up. install argument replacements only if we are going to	Niels Provos
	permit the system call. translate some set[e]{g,u}id calls
2002-07-10	make it work with chroot	Niels Provos

2002-07-10	do not close fds in daemon.	Niels Provos

2002-07-09	allow systrace to run in the background if possible so that the executed	Niels Provos
	process gets the terminal correctly and exit status reporting works; based on a diff from atatat@atatdot.net from netbsd.
2002-07-09	support for system call aliasing. stat/fstat/readlink/access etc... gets	Niels Provos
	grouped into fsread, unlink/rmdir/mkdir goes to fswrite. open switches back between fsread and fswrite depending on oflags parameter.
2002-07-09	Potential off-by-five, ok provos@	Daniel Hartmeier

2002-07-07	missing error checks on strdup. from cloder@acm.org	Niels Provos

2002-06-28	KNF	Theo de Raadt

2002-06-21	rewrite all system call arguments in the permit case. use realpath	Niels Provos
	when we still have the root and we of the monitored process. this eliminates almost all race coniditions.
2002-06-19	more careful buffer handling; pointed out by deraadt@	Niels Provos

2002-06-10	support attaching to a running process; some code by fries@	Niels Provos

2002-06-04	complain about missing device only once. from deraadt@	Niels Provos