Age | Commit message | Author | |
---|---|---|---|
2004-01-23 | support for cradle mode by marius at monkey.org; cradle mode allows the systrace UI to be attached and re-attached, it also multiplexes across systrace process so that one UI can function as central notification from provos@, ok markus@ | Nikolay Sturm | |
2003-10-08 | originally from cb@openbsd.org, adapted by provos itojun@ ok fix a race condition between path resolution in userland and the subsequent namei(): inform the kernel portion of valid filenames and then disallow symlink lookups for those filenames by means of a hook in namei(). with suggestions from provos@ also, add (currently unused) seqnr field to struct systrace_replace, from provos@ | Nikolay Sturm | |
2003-07-19 | - sync with NetBSD or Niels' tarball where appropriate - keeps local changes - fixes a bug in profile feedback optimization and avoids symbol conflicts with errno - new feature: "ask" action itojun@ ok | Nikolay Sturm | |
2003-06-16 | - limited number of processes per systrace - escape fixes for special characters markus, sturm ok. from provos | Jun-ichiro itojun Hagino | |
2003-05-29 | >permit numeric values for uid and gid; allow "<" and ">" for less and greater; requested by dugsong@, sturm ok | Jun-ichiro itojun Hagino | |
2002-12-09 | add support for regular expressions and pidname translations. from provos | Jun-ichiro itojun Hagino | |
2002-11-16 | rename translation tables. from provos | Jun-ichiro itojun Hagino | |
2002-10-16 | support for privilege elevation. with privilege elevation no suid or sgid binaries are necessary any longer. Applications can be executed completely unprivileged. Systrace raises the privileges for a single system call depending on the configured policy. Idea from discussions with Perry Metzger, Dug Song and Marcus Watts. from provos | Jun-ichiro itojun Hagino | |
2002-10-16 | translation for socket system call from provos | Jun-ichiro itojun Hagino | |
2002-10-09 | predicates are part of the grammar now; in non-root case, predicates are evaluated only once; in root case, predicates and variable expansion are dynamic. from provos | Jun-ichiro itojun Hagino | |
2002-09-23 | support for templates. they allow fast generation of new policies. an appropriate template can be inserted during initial policy generation. from provos | Jun-ichiro itojun Hagino | |
2002-08-05 | allow to specify an alternate directory for policy loading and writing | Niels Provos | |
2002-08-04 | keep track of ppid and allow matching rules to be logged via syslog. | Niels Provos | |
2002-07-30 | avoid using same variable name for global and auto variable. | Jun-ichiro itojun Hagino | |
2002-07-19 | constify, have missing prototypes, use pedantic compilation options. niels ok | Jun-ichiro itojun Hagino | |
2002-07-16 | internal uid/gid tracking. permit can not detach systrace, useful for sshd. | Niels Provos | |
2002-07-14 | argv translation for execve | Niels Provos | |
2002-07-13 | uname translation | Niels Provos | |
2002-07-11 | cleanup | Niels Provos | |
2002-07-09 | support for system call aliasing. stat/fstat/readlink/access etc... gets grouped into fsread, unlink/rmdir/mkdir goes to fswrite. open switches back between fsread and fswrite depending on oflags parameter. | Niels Provos | |
2002-06-07 | use profiling to order filter lists more optimally. | Niels Provos | |
2002-06-04 | log offending syscalls to syslog in automatic mode. dugsong@ | Niels Provos | |
2002-06-04 | explicit path for notification tool xsystrace. | Niels Provos | |
2002-06-04 | KNF | Theo de Raadt | |
2002-06-04 | initial import of systrace. don't touch this, more stuff coming in a while | Niels Provos | |