src - OpenBSD base system

Age	Commit message (Collapse)	Author
2015-10-01	Eliminate the last of the LINTEDn and PRINTFLIKEn comments. In one	Philip Guenther
	case, by deleting some useless '& of an array' we also eliminate the need for the casts which prompted the original lint warnings ok deraadt@
2015-01-16	move to PATH_MAX, etc; normalize includes for life in the <limits.h> universe	Theo de Raadt
	ok guenther millert
2014-07-20	Make sure the correct errno is reported by warn* or err* and not	Philip Guenther
	the errno of an intervening cleanup operation like close/unlink/etc. Diff from Doug Hogan (doug (at) acyclic.org)
2014-04-24	calloc is better. from Peter Malone	Ted Unangst

2012-12-04	remove some unnecessary sys/param.h inclusions	Theo de Raadt

2012-08-23	Reopen the systrace file in the process that will actually attach to the	Philip Guenthe
	target process(es), so that systrace files can be made unsharable. ok djm@
2011-10-18	Bump intercept_get_string() internal buffer to allow strings up to	Matthew Dempsky
	ARG_MAX long, so that ic_trargv can execute reliably. Thanks to Olivier Cherrier for reporting and helping to diagnose the problem. ok deraadt@
2011-09-18	Add support for *at(2) system calls to systrace(1).	Matthew Dempsky
	ok deraadt@, sthen@, jasper@
2010-04-20	fix trailing slashes in filenames behavior by not fixing it in systrace.	Ted Unangst
	code from netbsd. ok deraadt
2007-06-15	keep trailing slashes in path normalization, as these might result in	Nikolay Sturm
	errors otherwise hidden by systrace noticed by naddy, ok ray on an earlier version of this diff
2007-05-15	don't assume 4-byte aligned memory when intercepting a string	Nikolay Sturm
	this should get rid of systrace: intercept_get_string: ioctl: Invalid argument no objections from provos, ok otto
2006-09-19	Use S_IS* macros insted of masking with S_IF* flags. The latter may	Otto Moerbeek
	have multiple bits set, which leads to surprising results. Spotted by/partly from Paul Stoeber, more to come. ok ho@ miod@ hshoexer@
2006-07-02	sync with systrace 1.6d, keeping local changes	Nikolay Sturm
	tests and feedback by a few
2006-04-26	ARGSUSED and a FALLTHROUGH to please lint	Nikolay Sturm
	ok deraadt
2006-03-06	convert permanent privilege revocation to use setresuid/setresgid;	Damien Miller
	ok henning@
2004-07-07	fix an issue when scripts are exec'd under systrace where	marius eriksen
	the argv[0] would be normalized, and hence break scripts that depend on how they were called. this fixes an issue in the ports builds. ok provos@ deraadt@; lots of testing during hackathon sturm@ naddy@
2004-06-24	if we have detached after an exec, bail out early, and avoid a double free.	marius eriksen
	ok provos@, "works fine" sturm@
2004-06-23	a few fixes to systrace	marius eriksen
	- add an exec message so that whenever a set-uid/gid process exec's a new image which we may control, the exec does not go by unnoticed. - take special care to check for P_SUGIDEXEC as well as P_SUGID, corresponding to the same changes that were made in the ptrace code a while ago ok niels@, sturm@; thanks to naddy for testing
2004-03-30	if a string considered a filename is too long, don't exit but just let	Nikolay Sturm
	the syscall fail, it might not actually be a filename fixes pr 3140, ok provos@
2004-01-30	The empty filename does not receive normalization.	Nikolay Sturm
	System calls are supposed to fail on it. from provos@, ok markus@
2003-10-18	typos from Jared Yanovich;	Jason McIntyre

2003-10-08	originally from cb@openbsd.org, adapted by provos	Nikolay Sturm
	itojun@ ok fix a race condition between path resolution in userland and the subsequent namei(): inform the kernel portion of valid filenames and then disallow symlink lookups for those filenames by means of a hook in namei(). with suggestions from provos@ also, add (currently unused) seqnr field to struct systrace_replace, from provos@
2003-08-04	several diffs from Niels as applied to NetBSD	Nikolay Sturm
	monkey.org/NetBSD commit messages: - get rid of retarded CWD handling. CWD is fixed to the CWD of the systrace that started everything. - normalize file name function - normalize CWD for cases where CWD has a symlink in it. should solve problems where CWD policies would not match. - avoid warning due to name collision. - fixed contrived race condition during attachment; from marius@monkey.org itojun@ ok
2003-07-19	- sync with NetBSD or Niels' tarball where appropriate	Nikolay Sturm
	- keeps local changes - fixes a bug in profile feedback optimization and avoids symbol conflicts with errno - new feature: "ask" action itojun@ ok
2003-06-16	- limited number of processes per systrace	Jun-ichiro itojun Hagino
	- escape fixes for special characters markus, sturm ok. from provos
2003-05-17	pull in a bugfix from systrace-current to let systrace deal with creating	Nikolay Sturm
	directories correctly OK itojun@, thanks to niels for the help
2003-02-20	Fix a crash in the systrace found by form@	Artur Grabowski
	One is a kernel fix that changes the lockin and one is a userland fix that prevents dereferencing a freed pointer. From provos deraadt@ ok
2002-12-09	prevent the use of permit for aliases. from provos	Jun-ichiro itojun Hagino

2002-11-26	performance improvement by omitting a redundant getcwd.	Jun-ichiro itojun Hagino
	from provos
2002-11-12	fix bug in determining execve name. from provos	Jun-ichiro itojun Hagino

2002-10-17	little cleanup (intercept_getpid dies within the function on error).	Jun-ichiro itojun Hagino
	from provos
2002-10-16	support for privilege elevation.	Jun-ichiro itojun Hagino
	with privilege elevation no suid or sgid binaries are necessary any longer. Applications can be executed completely unprivileged. Systrace raises the privileges for a single system call depending on the configured policy. Idea from discussions with Perry Metzger, Dug Song and Marcus Watts. from provos
2002-10-09	predicates are part of the grammar now; in non-root case, predicates are	Jun-ichiro itojun Hagino
	evaluated only once; in root case, predicates and variable expansion are dynamic. from provos
2002-09-17	daemon should not change the directory. from provos	Jun-ichiro itojun Hagino

2002-09-06	standalone ; at top scope is illegal in ansi c	Theo de Raadt

2002-08-28	fix systrace with chroot. from provos	Jun-ichiro itojun Hagino

2002-08-08	if getcwd fails and we continue dont restcwd.	Niels Provos

2002-08-07	deal better with interrupted system calls	Niels Provos

2002-08-05	uid and gid are not guaranteed to be aligned on a register_t sized boundary.	Jason Wright
	Use a temporary location and then copy the value into place. provos ok.
2002-08-05	increase buffer size for getstring, useful for execve arguments.	Niels Provos
	intercept_filename deals better with symlinked last component lookups. change some translations to use unlinkname.
2002-08-04	keep track of ppid and allow matching rules to be logged via syslog.	Niels Provos

2002-08-02	performance improvement, reduces number of ioctl calls	Niels Provos

2002-08-01	correctly separate execve argv arguments. increase buffer size for	Niels Provos
	get_string
2002-08-01	the last component in a filename for unlink may be a symlink	Niels Provos

2002-07-30	sometimes no-return syscalls (execve) emit errno < 0. ignore them.	Jun-ichiro itojun Hagino

2002-07-30	solve a problem with realpath when the last component of the path is	Niels Provos
	a directory without S_IXUSR; tested by me and dugsong.
2002-07-22	add seqnr to message from kernel, userland needs to quote correct seqnr.	Niels Provos
	avoids problems where tsleep has been interrupted by a signal.
2002-07-19	constify, have missing prototypes, use pedantic compilation options.	Jun-ichiro itojun Hagino
	niels ok
2002-07-16	internal uid/gid tracking. permit can not detach systrace, useful for	Niels Provos
	sshd.
2002-07-12	some clean up. install argument replacements only if we are going to	Niels Provos
	permit the system call. translate some set[e]{g,u}id calls