summaryrefslogtreecommitdiff
path: root/bin/systrace
AgeCommit message (Collapse)Author
2002-10-09predicates are part of the grammar now; in non-root case, predicates areJun-ichiro itojun Hagino
evaluated only once; in root case, predicates and variable expansion are dynamic. from provos
2002-10-08"output" is a pointer of size "outlen", so use outlen instead ofJun-ichiro itojun Hagino
sizeof(output) From "Vincent Labrecque" <vincent@psyfreaks.ca>
2002-10-08assume that inserting a template implies permit for the currentJun-ichiro itojun Hagino
syscall from provos
2002-09-30fix return value; from marius@umich.edu via provosJun-ichiro itojun Hagino
2002-09-23support for templates. they allow fast generation of new policies. anJun-ichiro itojun Hagino
appropriate template can be inserted during initial policy generation. from provos
2002-09-17split white space and single line policy processing into separateJun-ichiro itojun Hagino
functions. from provos
2002-09-17daemon should not change the directory. from provosJun-ichiro itojun Hagino
2002-09-16periodically save policies that have been modified. from provosJun-ichiro itojun Hagino
>here is a diff that will cause systrace to periodically save policies >that have been modified. Useful if you run systrace on an xterm and >kill it accidently. Or other applications like opera that are long >running and can cause weird crashes.
2002-09-06standalone ; at top scope is illegal in ansi cTheo de Raadt
2002-08-30allow # in system call name. remove trailing white space.Jun-ichiro itojun Hagino
from provos
2002-08-28avoid symbol conflict (errno)Jun-ichiro itojun Hagino
2002-08-28fix systrace with chroot. from provosJun-ichiro itojun Hagino
2002-08-08no \n in errNiels Provos
2002-08-08if getcwd fails and we continue dont restcwd.Niels Provos
2002-08-07deal better with interrupted system callsNiels Provos
2002-08-07typoVincent Labrecque
ok provos@
2002-08-05allow to specify an alternate directory for policy loading and writingNiels Provos
2002-08-05uid and gid are not guaranteed to be aligned on a register_t sized boundary.Jason Wright
Use a temporary location and then copy the value into place. provos ok.
2002-08-05increase buffer size for getstring, useful for execve arguments.Niels Provos
intercept_filename deals better with symlinked last component lookups. change some translations to use unlinkname.
2002-08-05different translation for lstatNiels Provos
2002-08-04keep track of ppid and allow matching rules to be logged via syslog.Niels Provos
2002-08-02performance improvement, reduces number of ioctl callsNiels Provos
2002-08-01correctly separate execve argv arguments. increase buffer size forNiels Provos
get_string
2002-08-01the last component in a filename for unlink may be a symlinkNiels Provos
2002-07-31bring in doc updates from netbsd. niels okJun-ichiro itojun Hagino
2002-07-30obey section order to mandoc. sync with netbsd.Jun-ichiro itojun Hagino
2002-07-30use NmJun-ichiro itojun Hagino
2002-07-30sometimes no-return syscalls (execve) emit errno < 0. ignore them.Jun-ichiro itojun Hagino
2002-07-30sync function decl and prototype (static-ness)Jun-ichiro itojun Hagino
2002-07-30avoid using same variable name for global and auto variable.Jun-ichiro itojun Hagino
2002-07-30oops, i've been looking at older tree.hJun-ichiro itojun Hagino
2002-07-30SPLAY_INSERT is a void functionJun-ichiro itojun Hagino
2002-07-30sync prototype for yyerror().Jun-ichiro itojun Hagino
2002-07-30include filter.h, dont' duplicate prototypeJun-ichiro itojun Hagino
2002-07-30extern decls should be outside of function.Jun-ichiro itojun Hagino
2002-07-30solve a problem with realpath when the last component of the path isNiels Provos
a directory without S_IXUSR; tested by me and dugsong.
2002-07-22add seqnr to message from kernel, userland needs to quote correct seqnr.Niels Provos
avoids problems where tsleep has been interrupted by a signal.
2002-07-20compile on sparc64Niels Provos
2002-07-19you can't always cast pointer to int; use intptr_t.Jun-ichiro itojun Hagino
2002-07-19constify, have missing prototypes, use pedantic compilation options.Jun-ichiro itojun Hagino
niels ok
2002-07-17on detach or kill do not do argument replacementNiels Provos
2002-07-16link translation for linux emulation, too.Niels Provos
2002-07-16translation for link system callNiels Provos
2002-07-16internal uid/gid tracking. permit can not detach systrace, useful forNiels Provos
sshd.
2002-07-14argv translation for exeveNiels Provos
2002-07-13uname translationNiels Provos
2002-07-13use correct length for PF_LOCAL sockets; not all applications fill inNiels Provos
sa_len
2002-07-12some clean up. install argument replacements only if we are going toNiels Provos
permit the system call. translate some set[e]{g,u}id calls
2002-07-11cleanupNiels Provos
2002-07-10make it work with chrootNiels Provos