Age | Commit message (Collapse) | Author | |
---|---|---|---|
2007-09-02 | use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsg | Theo de Raadt | |
2006-07-02 | sync with systrace 1.6d, keeping local changes | Nikolay Sturm | |
tests and feedback by a few | |||
2006-05-02 | some type cleanup | Nikolay Sturm | |
with feedback from kettenis | |||
2006-04-26 | ARGSUSED and a FALLTHROUGH to please lint | Nikolay Sturm | |
ok deraadt | |||
2006-03-18 | fix problems found by Coverity via NetBSD: | Robert Nagy | |
- systrace.c: Don't try to dereference pw when it's NULL. Coverity CID 900 - parse.y: free allocated space on failure Coverity CID 1661 - policy.c: Change a return to "goto out" so that fclose will be called. Coverity CID 1881 ok sturm@, ray@ | |||
2005-05-03 | some snprintf() -> strlcpy to improve readibility (and speed?) | Nikolay Sturm | |
from rohee@, ok millert@ before 3.7 | |||
2004-01-23 | support for cradle mode by marius at monkey.org; cradle mode allows the | Nikolay Sturm | |
systrace UI to be attached and re-attached, it also multiplexes across systrace process so that one UI can function as central notification from provos@, ok markus@ | |||
2004-01-07 | new command line option allows logging to stderr instead of syslog | Nikolay Sturm | |
"looks good" provos@, ok markus@ | |||
2003-10-18 | typos from Jared Yanovich; | Jason McIntyre | |
2003-10-08 | originally from cb@openbsd.org, adapted by provos | Nikolay Sturm | |
itojun@ ok fix a race condition between path resolution in userland and the subsequent namei(): inform the kernel portion of valid filenames and then disallow symlink lookups for those filenames by means of a hook in namei(). with suggestions from provos@ also, add (currently unused) seqnr field to struct systrace_replace, from provos@ | |||
2003-08-04 | several diffs from Niels as applied to NetBSD | Nikolay Sturm | |
monkey.org/NetBSD commit messages: - get rid of retarded CWD handling. CWD is fixed to the CWD of the systrace that started everything. - normalize file name function - normalize CWD for cases where CWD has a symlink in it. should solve problems where CWD policies would not match. - avoid warning due to name collision. - fixed contrived race condition during attachment; from marius@monkey.org itojun@ ok | |||
2003-07-19 | - sync with NetBSD or Niels' tarball where appropriate | Nikolay Sturm | |
- keeps local changes - fixes a bug in profile feedback optimization and avoids symbol conflicts with errno - new feature: "ask" action itojun@ ok | |||
2003-06-16 | - limited number of processes per systrace | Jun-ichiro itojun Hagino | |
- escape fixes for special characters markus, sturm ok. from provos | |||
2002-12-12 | Allow the log directive to work for non-translated syscalls as well. | Anil Madhavapeddy | |
provos ok | |||
2002-12-11 | rename log->dolog, from thorpej@netbsd, ok provos | Anil Madhavapeddy | |
2002-12-09 | add support for regular expressions and pidname translations. from provos | Jun-ichiro itojun Hagino | |
2002-10-28 | add missing "break". Alexander Yurchenko | Jun-ichiro itojun Hagino | |
2002-10-16 | support for privilege elevation. | Jun-ichiro itojun Hagino | |
with privilege elevation no suid or sgid binaries are necessary any longer. Applications can be executed completely unprivileged. Systrace raises the privileges for a single system call depending on the configured policy. Idea from discussions with Perry Metzger, Dug Song and Marcus Watts. from provos | |||
2002-10-09 | predicates are part of the grammar now; in non-root case, predicates are | Jun-ichiro itojun Hagino | |
evaluated only once; in root case, predicates and variable expansion are dynamic. from provos | |||
2002-10-08 | "output" is a pointer of size "outlen", so use outlen instead of | Jun-ichiro itojun Hagino | |
sizeof(output) From "Vincent Labrecque" <vincent@psyfreaks.ca> | |||
2002-09-23 | support for templates. they allow fast generation of new policies. an | Jun-ichiro itojun Hagino | |
appropriate template can be inserted during initial policy generation. from provos | |||
2002-09-17 | daemon should not change the directory. from provos | Jun-ichiro itojun Hagino | |
2002-09-16 | periodically save policies that have been modified. from provos | Jun-ichiro itojun Hagino | |
>here is a diff that will cause systrace to periodically save policies >that have been modified. Useful if you run systrace on an xterm and >kill it accidently. Or other applications like opera that are long >running and can cause weird crashes. | |||
2002-08-05 | allow to specify an alternate directory for policy loading and writing | Niels Provos | |
2002-08-04 | keep track of ppid and allow matching rules to be logged via syslog. | Niels Provos | |
2002-07-30 | SPLAY_INSERT is a void function | Jun-ichiro itojun Hagino | |
2002-07-19 | constify, have missing prototypes, use pedantic compilation options. | Jun-ichiro itojun Hagino | |
niels ok | |||
2002-07-17 | on detach or kill do not do argument replacement | Niels Provos | |
2002-07-16 | internal uid/gid tracking. permit can not detach systrace, useful for | Niels Provos | |
sshd. | |||
2002-07-12 | some clean up. install argument replacements only if we are going to | Niels Provos | |
permit the system call. translate some set[e]{g,u}id calls | |||
2002-07-11 | cleanup | Niels Provos | |
2002-07-10 | add fchmod translation | Niels Provos | |
2002-07-10 | do not close fds in daemon. | Niels Provos | |
2002-07-09 | allow systrace to run in the background if possible so that the executed | Niels Provos | |
process gets the terminal correctly and exit status reporting works; based on a diff from atatat@atatdot.net from netbsd. | |||
2002-07-09 | support for system call aliasing. stat/fstat/readlink/access etc... gets | Niels Provos | |
grouped into fsread, unlink/rmdir/mkdir goes to fswrite. open switches back between fsread and fswrite depending on oflags parameter. | |||
2002-06-22 | replace argument only if it is not copied in the kernel already (has length | Niels Provos | |
> 0) | |||
2002-06-21 | rewrite all system call arguments in the permit case. use realpath | Niels Provos | |
when we still have the root and we of the monitored process. this eliminates almost all race coniditions. | |||
2002-06-19 | more careful buffer handling; pointed out by deraadt@ | Niels Provos | |
2002-06-18 | string.h | Theo de Raadt | |
2002-06-12 | gui needs to be started after child has been forked to prevent fds from | Niels Provos | |
being inherited and stdout/stdin from being mangled; from xs@kittenz.org | |||
2002-06-11 | kill err(3) newlines; ok provos@ | Jason Peel | |
2002-06-10 | support attaching to a running process; some code by fries@ | Niels Provos | |
2002-06-05 | support simple predicates to prefix rules. Allows global policies to be | Niels Provos | |
different for different users. | |||
2002-06-05 | dump policies only if user policy is specified. | Niels Provos | |
2002-06-05 | introduce an automatic policy generation mode. it creates a policy based | Niels Provos | |
on what the application tries to do. the policy can be refined further on. | |||
2002-06-05 | know about CWD. will make some filter rules simpler. | Niels Provos | |
2002-06-04 | log offending syscalls to syslog in automatic mode. dugsong@ | Niels Provos | |
2002-06-04 | add flag to ignore user specified policies | Niels Provos | |
2002-06-04 | usage; fries@ | Niels Provos | |
2002-06-04 | guipath for getopt | Niels Provos | |