Age | Commit message (Collapse) | Author | |
---|---|---|---|
2002-12-12 | Allow the log directive to work for non-translated syscalls as well. | Anil Madhavapeddy | |
provos ok | |||
2002-12-11 | rename log->dolog, from thorpej@netbsd, ok provos | Anil Madhavapeddy | |
2002-12-09 | add support for regular expressions and pidname translations. from provos | Jun-ichiro itojun Hagino | |
2002-10-28 | add missing "break". Alexander Yurchenko | Jun-ichiro itojun Hagino | |
2002-10-16 | support for privilege elevation. | Jun-ichiro itojun Hagino | |
with privilege elevation no suid or sgid binaries are necessary any longer. Applications can be executed completely unprivileged. Systrace raises the privileges for a single system call depending on the configured policy. Idea from discussions with Perry Metzger, Dug Song and Marcus Watts. from provos | |||
2002-10-09 | predicates are part of the grammar now; in non-root case, predicates are | Jun-ichiro itojun Hagino | |
evaluated only once; in root case, predicates and variable expansion are dynamic. from provos | |||
2002-10-08 | "output" is a pointer of size "outlen", so use outlen instead of | Jun-ichiro itojun Hagino | |
sizeof(output) From "Vincent Labrecque" <vincent@psyfreaks.ca> | |||
2002-09-23 | support for templates. they allow fast generation of new policies. an | Jun-ichiro itojun Hagino | |
appropriate template can be inserted during initial policy generation. from provos | |||
2002-09-17 | daemon should not change the directory. from provos | Jun-ichiro itojun Hagino | |
2002-09-16 | periodically save policies that have been modified. from provos | Jun-ichiro itojun Hagino | |
>here is a diff that will cause systrace to periodically save policies >that have been modified. Useful if you run systrace on an xterm and >kill it accidently. Or other applications like opera that are long >running and can cause weird crashes. | |||
2002-08-05 | allow to specify an alternate directory for policy loading and writing | Niels Provos | |
2002-08-04 | keep track of ppid and allow matching rules to be logged via syslog. | Niels Provos | |
2002-07-30 | SPLAY_INSERT is a void function | Jun-ichiro itojun Hagino | |
2002-07-19 | constify, have missing prototypes, use pedantic compilation options. | Jun-ichiro itojun Hagino | |
niels ok | |||
2002-07-17 | on detach or kill do not do argument replacement | Niels Provos | |
2002-07-16 | internal uid/gid tracking. permit can not detach systrace, useful for | Niels Provos | |
sshd. | |||
2002-07-12 | some clean up. install argument replacements only if we are going to | Niels Provos | |
permit the system call. translate some set[e]{g,u}id calls | |||
2002-07-11 | cleanup | Niels Provos | |
2002-07-10 | add fchmod translation | Niels Provos | |
2002-07-10 | do not close fds in daemon. | Niels Provos | |
2002-07-09 | allow systrace to run in the background if possible so that the executed | Niels Provos | |
process gets the terminal correctly and exit status reporting works; based on a diff from atatat@atatdot.net from netbsd. | |||
2002-07-09 | support for system call aliasing. stat/fstat/readlink/access etc... gets | Niels Provos | |
grouped into fsread, unlink/rmdir/mkdir goes to fswrite. open switches back between fsread and fswrite depending on oflags parameter. | |||
2002-06-22 | replace argument only if it is not copied in the kernel already (has length | Niels Provos | |
> 0) | |||
2002-06-21 | rewrite all system call arguments in the permit case. use realpath | Niels Provos | |
when we still have the root and we of the monitored process. this eliminates almost all race coniditions. | |||
2002-06-19 | more careful buffer handling; pointed out by deraadt@ | Niels Provos | |
2002-06-18 | string.h | Theo de Raadt | |
2002-06-12 | gui needs to be started after child has been forked to prevent fds from | Niels Provos | |
being inherited and stdout/stdin from being mangled; from xs@kittenz.org | |||
2002-06-11 | kill err(3) newlines; ok provos@ | Jason Peel | |
2002-06-10 | support attaching to a running process; some code by fries@ | Niels Provos | |
2002-06-05 | support simple predicates to prefix rules. Allows global policies to be | Niels Provos | |
different for different users. | |||
2002-06-05 | dump policies only if user policy is specified. | Niels Provos | |
2002-06-05 | introduce an automatic policy generation mode. it creates a policy based | Niels Provos | |
on what the application tries to do. the policy can be refined further on. | |||
2002-06-05 | know about CWD. will make some filter rules simpler. | Niels Provos | |
2002-06-04 | log offending syscalls to syslog in automatic mode. dugsong@ | Niels Provos | |
2002-06-04 | add flag to ignore user specified policies | Niels Provos | |
2002-06-04 | usage; fries@ | Niels Provos | |
2002-06-04 | guipath for getopt | Niels Provos | |
2002-06-04 | explicit path for notification tool xsystrace. | Niels Provos | |
2002-06-04 | complain about missing device only once. from deraadt@ | Niels Provos | |
2002-06-04 | KNF | Theo de Raadt | |
2002-06-04 | __FUNCTION__ -> __func__ from espie@ | Niels Provos | |
2002-06-04 | initial import of systrace. don't touch this, more stuff coming in a while | Niels Provos | |