summaryrefslogtreecommitdiff
path: root/bin/systrace
AgeCommit message (Collapse)Author
2003-07-19- sync with NetBSD or Niels' tarball where appropriateNikolay Sturm
- keeps local changes - fixes a bug in profile feedback optimization and avoids symbol conflicts with errno - new feature: "ask" action itojun@ ok
2003-06-24decruftMichael Shalayeff
2003-06-19remove unused code which allocated useless memory (which was not freed)Peter Valchev
ok provos itojun
2003-06-16- limited number of processes per systraceJun-ichiro itojun Hagino
- escape fixes for special characters markus, sturm ok. from provos
2003-06-02prevents systrace from referencing freed memory; provosJun-ichiro itojun Hagino
2003-05-29>permit numberic values for uid and gid; allow "<" and ">" for less andJun-ichiro itojun Hagino
>greate; requested by dugsong@, strum ok
2003-05-17pull in a bugfix from systrace-current to let systrace deal with creatingNikolay Sturm
directories correctly OK itojun@, thanks to niels for the help
2003-04-24fix for EOF in interactive policy generation.Mike Pechkin
millert@ provos@
2003-04-17use asprintf; fix (remove) some incorrectly sized buffers in the processPeter Valchev
help & ok millert, miod, deraadt, tedu
2003-04-14room for NUL; tdevalTheo de Raadt
2003-04-06strlcpy; tedu okTheo de Raadt
2003-03-28little cleanup;Jason McIntyre
systrace(1) ok provos@
2003-02-20Fix a crash in the systrace found by form@Artur Grabowski
One is a kernel fix that changes the lockin and one is a userland fix that prevents dereferencing a freed pointer. From provos deraadt@ ok
2003-02-18intial -> initial;Jason McIntyre
the great intial witch hunt, as prompted by tdeval@ os-aix-dso.c: ok henning@ ab.C: ok drahn@
2002-12-12Allow the log directive to work for non-translated syscalls as well.Anil Madhavapeddy
provos ok
2002-12-11rename log->dolog, from thorpej@netbsd, ok provosAnil Madhavapeddy
2002-12-09Restriction that -c args must be numeric. Motivation on privilege elevation.Ian Darwin
Environment variables (HOME,USER,CWD). File name details. Style fixes. ok provos@
2002-12-09add support for regular expressions and pidname translations. from provosJun-ichiro itojun Hagino
2002-12-09better parsing of # comments. from provosJun-ichiro itojun Hagino
2002-12-09prevent the use of permit for aliases. from provosJun-ichiro itojun Hagino
2002-12-05spelling; niels ok.Federico G. Schwindt
2002-12-04rename to a new ioctlMichael Shalayeff
2002-11-26avoid symbol conflict with "errno"Jun-ichiro itojun Hagino
2002-11-26performance improvement by omitting a redundant getcwd.Jun-ichiro itojun Hagino
from provos
2002-11-26error should go to stderr. from provosJun-ichiro itojun Hagino
2002-11-16rename translation tables. from provosJun-ichiro itojun Hagino
2002-11-15no need to check trans_size. from provosJun-ichiro itojun Hagino
2002-11-12fix bug in determining execve name. from provosJun-ichiro itojun Hagino
2002-10-31typo, reported by avsm@openbsdJun-ichiro itojun Hagino
2002-10-28add missing "break". Alexander YurchenkoJun-ichiro itojun Hagino
2002-10-17little cleanup (intercept_getpid dies within the function on error).Jun-ichiro itojun Hagino
from provos
2002-10-16support for privilege elevation.Jun-ichiro itojun Hagino
with privilege elevation no suid or sgid binaries are necessary any longer. Applications can be executed completely unprivileged. Systrace raises the privileges for a single system call depending on the configured policy. Idea from discussions with Perry Metzger, Dug Song and Marcus Watts. from provos
2002-10-16translation for socket system callJun-ichiro itojun Hagino
from provos
2002-10-16correctly evaluate group predicates.Jun-ichiro itojun Hagino
afrom provos
2002-10-09predicates are part of the grammar now; in non-root case, predicates areJun-ichiro itojun Hagino
evaluated only once; in root case, predicates and variable expansion are dynamic. from provos
2002-10-08"output" is a pointer of size "outlen", so use outlen instead ofJun-ichiro itojun Hagino
sizeof(output) From "Vincent Labrecque" <vincent@psyfreaks.ca>
2002-10-08assume that inserting a template implies permit for the currentJun-ichiro itojun Hagino
syscall from provos
2002-09-30fix return value; from marius@umich.edu via provosJun-ichiro itojun Hagino
2002-09-23support for templates. they allow fast generation of new policies. anJun-ichiro itojun Hagino
appropriate template can be inserted during initial policy generation. from provos
2002-09-17split white space and single line policy processing into separateJun-ichiro itojun Hagino
functions. from provos
2002-09-17daemon should not change the directory. from provosJun-ichiro itojun Hagino
2002-09-16periodically save policies that have been modified. from provosJun-ichiro itojun Hagino
>here is a diff that will cause systrace to periodically save policies >that have been modified. Useful if you run systrace on an xterm and >kill it accidently. Or other applications like opera that are long >running and can cause weird crashes.
2002-09-06standalone ; at top scope is illegal in ansi cTheo de Raadt
2002-08-30allow # in system call name. remove trailing white space.Jun-ichiro itojun Hagino
from provos
2002-08-28avoid symbol conflict (errno)Jun-ichiro itojun Hagino
2002-08-28fix systrace with chroot. from provosJun-ichiro itojun Hagino
2002-08-08no \n in errNiels Provos
2002-08-08if getcwd fails and we continue dont restcwd.Niels Provos
2002-08-07deal better with interrupted system callsNiels Provos
2002-08-07typoVincent Labrecque
ok provos@
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-25 14:31:32 +0000