path: root/bin/systrace
Age | Commit message | Author
2003-02-20 | Fix a crash in the systrace found by form@ | Artur Grabowski
    One is a kernel fix that changes the locking and one is a userland fix that prevents dereferencing a freed pointer. From provos deraadt@ ok
2003-02-18 | intial -> initial; | Jason McIntyre
    the great intial witch hunt, as prompted by tdeval@
    os-aix-dso.c: ok henning@
    ab.C: ok drahn@
2002-12-12 | Allow the log directive to work for non-translated syscalls as well. | Anil Madhavapeddy
    provos ok
2002-12-11 | rename log->dolog, from thorpej@netbsd, ok provos | Anil Madhavapeddy
2002-12-09 | Restriction that -c args must be numeric. Motivation on privilege elevation. | Ian Darwin
    Environment variables (HOME,USER,CWD). File name details. Style fixes. ok provos@
2002-12-09 | add support for regular expressions and pidname translations. from provos | Jun-ichiro itojun Hagino
2002-12-09 | better parsing of # comments. from provos | Jun-ichiro itojun Hagino
2002-12-09 | prevent the use of permit for aliases. from provos | Jun-ichiro itojun Hagino
2002-12-05 | spelling; niels ok. | Federico G. Schwindt
2002-12-04 | rename to a new ioctl | Michael Shalayeff
2002-11-26 | avoid symbol conflict with "errno" | Jun-ichiro itojun Hagino
2002-11-26 | performance improvement by omitting a redundant getcwd. | Jun-ichiro itojun Hagino
    from provos
2002-11-26 | error should go to stderr. from provos | Jun-ichiro itojun Hagino
2002-11-16 | rename translation tables. from provos | Jun-ichiro itojun Hagino
2002-11-15 | no need to check trans_size. from provos | Jun-ichiro itojun Hagino
2002-11-12 | fix bug in determining execve name. from provos | Jun-ichiro itojun Hagino
2002-10-31 | typo, reported by avsm@openbsd | Jun-ichiro itojun Hagino
2002-10-28 | add missing "break". Alexander Yurchenko | Jun-ichiro itojun Hagino
2002-10-17 | little cleanup (intercept_getpid dies within the function on error). | Jun-ichiro itojun Hagino
    from provos
2002-10-16 | support for privilege elevation. | Jun-ichiro itojun Hagino
    with privilege elevation no suid or sgid binaries are necessary any longer. Applications can be executed completely unprivileged. Systrace raises the privileges for a single system call depending on the configured policy. Idea from discussions with Perry Metzger, Dug Song and Marcus Watts. from provos
2002-10-16 | translation for socket system call | Jun-ichiro itojun Hagino
    from provos
2002-10-16 | correctly evaluate group predicates. | Jun-ichiro itojun Hagino
    from provos
2002-10-09 | predicates are part of the grammar now; in non-root case, predicates are | Jun-ichiro itojun Hagino
    evaluated only once; in root case, predicates and variable expansion are dynamic. from provos
2002-10-08 | "output" is a pointer of size "outlen", so use outlen instead of | Jun-ichiro itojun Hagino
    sizeof(output) From "Vincent Labrecque" <vincent@psyfreaks.ca>
2002-10-08 | assume that inserting a template implies permit for the current | Jun-ichiro itojun Hagino
    syscall from provos
2002-09-30 | fix return value; from marius@umich.edu via provos | Jun-ichiro itojun Hagino
2002-09-23 | support for templates. they allow fast generation of new policies. an | Jun-ichiro itojun Hagino
    appropriate template can be inserted during initial policy generation. from provos
2002-09-17 | split white space and single line policy processing into separate | Jun-ichiro itojun Hagino
    functions. from provos
2002-09-17 | daemon should not change the directory. from provos | Jun-ichiro itojun Hagino
2002-09-16 | periodically save policies that have been modified. from provos | Jun-ichiro itojun Hagino
    >here is a diff that will cause systrace to periodically save policies
    >that have been modified. Useful if you run systrace on an xterm and
    >kill it accidentally. Or other applications like opera that are long
    >running and can cause weird crashes.
2002-09-06 | standalone ; at top scope is illegal in ansi c | Theo de Raadt
2002-08-30 | allow # in system call name. remove trailing white space. | Jun-ichiro itojun Hagino
    from provos
2002-08-28 | avoid symbol conflict (errno) | Jun-ichiro itojun Hagino
2002-08-28 | fix systrace with chroot. from provos | Jun-ichiro itojun Hagino
2002-08-08 | no \n in err | Niels Provos
2002-08-08 | if getcwd fails and we continue don't restcwd. | Niels Provos
2002-08-07 | deal better with interrupted system calls | Niels Provos
2002-08-07 | typo | Vincent Labrecque
    ok provos@
2002-08-05 | allow to specify an alternate directory for policy loading and writing | Niels Provos
2002-08-05 | uid and gid are not guaranteed to be aligned on a register_t sized boundary. | Jason Wright
    Use a temporary location and then copy the value into place. provos ok.
2002-08-05 | increase buffer size for getstring, useful for execve arguments. | Niels Provos
    intercept_filename deals better with symlinked last component lookups. change some translations to use unlinkname.
2002-08-05 | different translation for lstat | Niels Provos
2002-08-04 | keep track of ppid and allow matching rules to be logged via syslog. | Niels Provos
2002-08-02 | performance improvement, reduces number of ioctl calls | Niels Provos
2002-08-01 | correctly separate execve argv arguments. increase buffer size for | Niels Provos
    get_string
2002-08-01 | the last component in a filename for unlink may be a symlink | Niels Provos
2002-07-31 | bring in doc updates from netbsd. niels ok | Jun-ichiro itojun Hagino
2002-07-30 | obey section order to mandoc. sync with netbsd. | Jun-ichiro itojun Hagino
2002-07-30 | use Nm | Jun-ichiro itojun Hagino
2002-07-30 | sometimes no-return syscalls (execve) emit errno < 0. ignore them. | Jun-ichiro itojun Hagino