Age | Commit message | Author |
|
with feedback from kettenis
|
|
the argv[0] would be normalized, and hence break scripts
that depend on how they were called.
this fixes an issue in the ports builds.
ok provos@ deraadt@; lots of testing during hackathon sturm@ naddy@
|
|
- add an exec message so that whenever a set-uid/gid process
exec's a new image which we may control, the exec does not
go by unnoticed.
- take special care to check for P_SUGIDEXEC as well as
P_SUGID, corresponding to the same changes that were made in
the ptrace code a while ago
ok niels@, sturm@; thanks to naddy for testing
|
|
itojun@ ok
fix a race condition between path resolution in userland
and the subsequent namei(): inform the kernel portion of
valid filenames and then disallow symlink lookups for
those filenames by means of a hook in namei().
with suggestions from provos@
also, add (currently unused) seqnr field to struct
systrace_replace, from provos@
|
|
monkey.org/NetBSD commit messages:
- get rid of retarded CWD handling. CWD is fixed to the CWD of the systrace
that started everything.
- normalize file name function
- normalize CWD for cases where CWD has a symlink in it. should solve
problems where CWD policies would not match.
- avoid warning due to name collision.
- fixed contrived race condition during attachment; from marius@monkey.org
itojun@ ok
|
|
- escape fixes for special characters
markus, sturm ok. from provos
|
|
One is a kernel fix that changes the locking and one is a userland fix that
prevents dereferencing a freed pointer.
From provos
deraadt@ ok
|
|
from provos
|
|
with privilege elevation no suid or sgid binaries are necessary any
longer. Applications can be executed completely
unprivileged. Systrace raises the privileges for a single system call
depending on the configured policy.
Idea from discussions with Perry Metzger, Dug Song and Marcus Watts.
from provos
|
|
evaluated only once; in root case, predicates and variable expansion are
dynamic.
from provos
|
|
|
avoids problems where tsleep has been interrupted by a signal.
|
|
niels ok
|
|
sshd.
|
|
permit the system call. translate some set[e]{g,u}id calls
|
|
process gets the terminal correctly and exit status reporting works;
based on a diff from atatat@atatdot.net from netbsd.
|
|
grouped into fsread, unlink/rmdir/mkdir goes to fswrite. open switches
back between fsread and fswrite depending on oflags parameter.
|
|
when we still have the root and we of the monitored process. this
eliminates almost all race conditions.
|
|