summaryrefslogtreecommitdiff
path: root/bin/systrace/systrace.c
AgeCommit message (Collapse)Author
2007-09-02use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsgTheo de Raadt
2006-07-02sync with systrace 1.6d, keeping local changesNikolay Sturm
tests and feedback by a few
2006-05-02some type cleanupNikolay Sturm
with feedback from kettenis
2006-04-26ARGSUSED and a FALLTHROUGH to please lintNikolay Sturm
ok deraadt
2006-03-18fix problems found by Coverity via NetBSD:Robert Nagy
- systrace.c: Don't try to dereference pw when it's NULL. Coverity CID 900 - parse.y: free allocated space on failure Coverity CID 1661 - policy.c: Change a return to "goto out" so that fclose will be called. Coverity CID 1881 ok sturm@, ray@
2005-05-03some snprintf() -> strlcpy to improve readibility (and speed?)Nikolay Sturm
from rohee@, ok millert@ before 3.7
2004-01-23support for cradle mode by marius at monkey.org; cradle mode allows theNikolay Sturm
systrace UI to be attached and re-attached, it also multiplexes across systrace process so that one UI can function as central notification from provos@, ok markus@
2004-01-07new command line option allows logging to stderr instead of syslogNikolay Sturm
"looks good" provos@, ok markus@
2003-10-18typos from Jared Yanovich;Jason McIntyre
2003-10-08originally from cb@openbsd.org, adapted by provosNikolay Sturm
itojun@ ok fix a race condition between path resolution in userland and the subsequent namei(): inform the kernel portion of valid filenames and then disallow symlink lookups for those filenames by means of a hook in namei(). with suggestions from provos@ also, add (currently unused) seqnr field to struct systrace_replace, from provos@
2003-08-04several diffs from Niels as applied to NetBSDNikolay Sturm
monkey.org/NetBSD commit messages: - get rid of retarded CWD handling. CWD is fixed to the CWD of the systrace that started everything. - normalize file name function - normalize CWD for cases where CWD has a symlink in it. should solve problems where CWD policies would not match. - avoid warning due to name collision. - fixed contrived race condition during attachment; from marius@monkey.org itojun@ ok
2003-07-19- sync with NetBSD or Niels' tarball where appropriateNikolay Sturm
- keeps local changes - fixes a bug in profile feedback optimization and avoids symbol conflicts with errno - new feature: "ask" action itojun@ ok
2003-06-16- limited number of processes per systraceJun-ichiro itojun Hagino
- escape fixes for special characters markus, sturm ok. from provos
2002-12-12Allow the log directive to work for non-translated syscalls as well.Anil Madhavapeddy
provos ok
2002-12-11rename log->dolog, from thorpej@netbsd, ok provosAnil Madhavapeddy
2002-12-09add support for regular expressions and pidname translations. from provosJun-ichiro itojun Hagino
2002-10-28add missing "break". Alexander YurchenkoJun-ichiro itojun Hagino
2002-10-16support for privilege elevation.Jun-ichiro itojun Hagino
with privilege elevation no suid or sgid binaries are necessary any longer. Applications can be executed completely unprivileged. Systrace raises the privileges for a single system call depending on the configured policy. Idea from discussions with Perry Metzger, Dug Song and Marcus Watts. from provos
2002-10-09predicates are part of the grammar now; in non-root case, predicates areJun-ichiro itojun Hagino
evaluated only once; in root case, predicates and variable expansion are dynamic. from provos
2002-10-08"output" is a pointer of size "outlen", so use outlen instead ofJun-ichiro itojun Hagino
sizeof(output) From "Vincent Labrecque" <vincent@psyfreaks.ca>
2002-09-23support for templates. they allow fast generation of new policies. anJun-ichiro itojun Hagino
appropriate template can be inserted during initial policy generation. from provos
2002-09-17daemon should not change the directory. from provosJun-ichiro itojun Hagino
2002-09-16periodically save policies that have been modified. from provosJun-ichiro itojun Hagino
>here is a diff that will cause systrace to periodically save policies >that have been modified. Useful if you run systrace on an xterm and >kill it accidently. Or other applications like opera that are long >running and can cause weird crashes.
2002-08-05allow to specify an alternate directory for policy loading and writingNiels Provos
2002-08-04keep track of ppid and allow matching rules to be logged via syslog.Niels Provos
2002-07-30SPLAY_INSERT is a void functionJun-ichiro itojun Hagino
2002-07-19constify, have missing prototypes, use pedantic compilation options.Jun-ichiro itojun Hagino
niels ok
2002-07-17on detach or kill do not do argument replacementNiels Provos
2002-07-16internal uid/gid tracking. permit can not detach systrace, useful forNiels Provos
sshd.
2002-07-12some clean up. install argument replacements only if we are going toNiels Provos
permit the system call. translate some set[e]{g,u}id calls
2002-07-11cleanupNiels Provos
2002-07-10add fchmod translationNiels Provos
2002-07-10do not close fds in daemon.Niels Provos
2002-07-09allow systrace to run in the background if possible so that the executedNiels Provos
process gets the terminal correctly and exit status reporting works; based on a diff from atatat@atatdot.net from netbsd.
2002-07-09support for system call aliasing. stat/fstat/readlink/access etc... getsNiels Provos
grouped into fsread, unlink/rmdir/mkdir goes to fswrite. open switches back between fsread and fswrite depending on oflags parameter.
2002-06-22replace argument only if it is not copied in the kernel already (has lengthNiels Provos
> 0)
2002-06-21rewrite all system call arguments in the permit case. use realpathNiels Provos
when we still have the root and we of the monitored process. this eliminates almost all race coniditions.
2002-06-19more careful buffer handling; pointed out by deraadt@Niels Provos
2002-06-18string.hTheo de Raadt
2002-06-12gui needs to be started after child has been forked to prevent fds fromNiels Provos
being inherited and stdout/stdin from being mangled; from xs@kittenz.org
2002-06-11kill err(3) newlines; ok provos@Jason Peel
2002-06-10support attaching to a running process; some code by fries@Niels Provos
2002-06-05support simple predicates to prefix rules. Allows global policies to beNiels Provos
different for different users.
2002-06-05dump policies only if user policy is specified.Niels Provos
2002-06-05introduce an automatic policy generation mode. it creates a policy basedNiels Provos
on what the application tries to do. the policy can be refined further on.
2002-06-05know about CWD. will make some filter rules simpler.Niels Provos
2002-06-04log offending syscalls to syslog in automatic mode. dugsong@Niels Provos
2002-06-04add flag to ignore user specified policiesNiels Provos
2002-06-04usage; fries@Niels Provos
2002-06-04guipath for getoptNiels Provos