summaryrefslogtreecommitdiff
path: root/sys/dev/systrace.c
AgeCommit message (Collapse)Author
2010-07-21No need for read/write functions, just use enodev like all the otherTheo de Raadt
things things do ok nicm
2009-11-09Every selwakeup() should have a matching KNOTE() (even if kqueue isn'tNicholas Marriott
supported it doesn't do any harm), so put the KNOTE() in selwakeup() itself and remove it from any occurences where both are used, except one for kqueue itself and one in sys_pipe.c (where the selwakeup is under a PIPE_SEL flag). Based on a diff from tedu. ok deraadt
2009-10-31Add missing KNOTE() calls after selwakeup(), until we decide if the KNOTE()Theo de Raadt
calls can go directly into selwakeup() safely long discussion with nicm, murmers of consent from tedu and miod, noone else seems to care of kqueue is busted as long as it makes their sockets move data fast... pretty sad.
2009-07-09Remove the VREF() macro and replaces all instances with a call to verf(),Thordur I. Bjornsson
which is exactly what the macro does. Macro's that are nothing more then: #define FUNCTION(arg) function(arg) are almost always pointless and should go away. OK blambert@ Agreed by many.
2008-11-09systrace activation happens in the middle of a rather sensitive piece ofTheo de Raadt
fork(), i worry about it a lot but cannot prove yet that sleeping there is bad. Anyways, this change makes us never sleep in that area -- the memory needed is allocated ealier like the ptrace state. tested by many developers.
2008-09-12Remove bzero/memset calls after pool_gets by passing the PR_ZEROBret Lambert
flag to the pool_get call. ok art@, krw@
2008-01-05return with ENOTTY instead of EINVAL for unknown ioctl requests.Brad Smith
ok krw@ deraadt@ dlg@
2007-09-11KNFGilles Chehade
prompted and "much better" by marco@, ok pyr@
2007-09-10more MALLOC/FREE -> malloc/free and M_ZERO changesGilles Chehade
ok pyr@
2007-03-15Since p_flag is often manipulated in interrupts and without biglockArtur Grabowski
it's a good idea to use atomic.h operations on it. This mechanic change updates all bit operations on p_flag to atomic_{set,clear}bits_int. Only exception is that P_OWEUPC is set by MI code before calling need_proftick and it's automatically cleared by ADDUPC. There's no reason for MD handling of that flag since everyone handles it the same way. kettenis@ ok
2006-10-06fix an exploitable integer overflow found by Chris Evans of GoogleDamien Miller
Security; ok deraadt
2006-05-28Allow len == 1 in systrace_fname(), so systraced processes can proceedPedro Martelletto
their *stat() calls, for example, and get ENOENT, which is expected for "", instead of a forced EINVAL. Fixes the spurious 'rm: : Invalid argument' warnings when building with option USE_SYSTRACE, reported on ports@. Okay provos@ sturm@ deraadt@
2006-05-23Replace lockmgr with rwlock; 'i think so' tedu@, ok sturm@Aleksander Piotrowski
2005-12-11Replace procfs_domem() with a similar interface, process_domem(), which livesMiod Vallat
out of procfs and gets a ptrace request PT_{READ,WRITE}_{I,D} as argument; also procfs_checkioperm() becomes process_checkioperm(). From art@ some time ago; ok kettenis@ pedro@
2005-11-19Remove unnecessary lockmgr() archaism that was costing too much in termsPedro Martelletto
of panics and bugfixes. Access curproc directly, do not expect a process pointer as an argument. Should fix many "process context required" bugs. Incentive and okay millert@, okay marc@. Various testing, thanks.
2005-04-17Intermediate cast of strio_offs -> uio_offset should be u_long not longTodd C. Miller
since otherwise a very high kernel address would be stored as a negative offset. From NetBSD (christos).
2004-11-07add a new message: inject. this allows the tracer to to inject buffers intomarius eriksen
the stackgap. this in turn allows for argument replacement with indirection. for example replacing an entire envp or struct pollfd. ok provos@ millert@
2004-07-07fix an issue when scripts are exec'd under systrace wheremarius eriksen
the argv[0] would be normalized, and hence break scripts that depend on how they were called. this fixes an issue in the ports builds. ok provos@ deraadt@; lots of testing during hackathon sturm@ naddy@
2004-06-23a few fixes to systracemarius eriksen
- add an exec message so that whenever a set-uid/gid process exec's a new image which we may control, the exec does not go by unnoticed. - take special care to check for P_SUGIDEXEC as well as P_SUGID, corresponding to the same changes that were made in the ptrace code a while ago ok niels@, sturm@; thanks to naddy for testing
2003-10-21typos from Tom Cosgrove;Jason McIntyre
2003-10-08originally from cb@netbsd.org, adapted by provosNikolay Sturm
itojun@ ok fix a race condition between path resolution in userland and the subsequent namei(): inform the kernel portion of valid filenames and then disallow symlink lookups for those filenames by means of a hook in namei(). with suggestions from provos@ also, add (currently unused) seqnr field to struct systrace_replace, from provos@
2003-09-23Replace select backends with poll backends. selscan() and pollscan()Todd C. Miller
now call the poll backend. With this change we implement greater poll(2) functionality instead of emulating it via the select backend. Adapted from NetBSD and including some changes from FreeBSD. Tested by many, deraadt@ OK
2003-08-15change arguments to suser. suser now takes the process, and a flagsTed Unangst
argument. old cred only calls user suser_ucred. this will allow future work to more flexibly implement the idea of a root process. looks like something i saw in freebsd, but a little different. use of suser_ucred vs suser in file system code should be looked at again, for the moment semantics remain unchanged. review and input from art@ testing and further review miod@
2003-06-16- limited number of processes per systraceJun-ichiro itojun Hagino
- escape fixes for special characters markus, sturm ok. from provos
2003-03-28unbreakHenning Brauer
STRIOCCLONE and SYSTR_CLONE have the same value now ok mickey@
2003-02-20Fix a crash in the systrace found by form@Artur Grabowski
One is a kernel fix that changes the lockin and one is a userland fix that prevents dereferencing a freed pointer. From provos deraadt@ ok
2002-12-12statement after label.Artur Grabowski
2002-12-04rename the clone ioctl to avoid clashing w/ the sockio; provos@ okMichael Shalayeff
2002-11-10Be more careful with illegal syscall numbers.Artur Grabowski
2002-10-25add id tags.Federico G. Schwindt
2002-10-16support for privilege elevation.Jun-ichiro itojun Hagino
with privilege elevation no suid or sgid binaries are necessary any longer. Applications can be executed completely unprivileged. Systrace raises the privileges for a single system call depending on the configured policy. Idea from discussions with Perry Metzger, Dug Song and Marcus Watts. from provos
2002-10-09new message to track uid/gid changesJun-ichiro itojun Hagino
from provos
2002-08-28cast size_t to u_long on printing. from netbsdJun-ichiro itojun Hagino
2002-08-07return EBUSY in processreadyNiels Provos
2002-07-30minor KNF. pid_t is unsigned.Jun-ichiro itojun Hagino
2002-07-30whitespace at EOLJun-ichiro itojun Hagino
2002-07-24better uid/gid tracking; okay deraadt@Niels Provos
2002-07-23prevent double free in some error conditions; from xs@kittenz.orgNiels Provos
2002-07-22add seqnr to message from kernel, userland needs to quote correct seqnr.Niels Provos
avoids problems where tsleep has been interrupted by a signal.
2002-07-21two more missing systrace_lockJun-ichiro itojun Hagino
2002-07-21need systrace_lock/unlock around lockmgr lock operation. provos okJun-ichiro itojun Hagino
2002-07-20comment clarification. niels okJun-ichiro itojun Hagino
2002-07-19minor KNFJun-ichiro itojun Hagino
2002-07-19whitespaceJun-ichiro itojun Hagino
2002-07-19tabifyJun-ichiro itojun Hagino
2002-07-13do not call unlock when the lock is not locked; found by millert@Niels Provos
2002-07-12in the error case, just remove an installed argument replacement, it is notNiels Provos
needed
2002-06-21system call argument rewriting framework via stackgap; okay art@Niels Provos
2002-06-10more __FUNCTION__ slaughterMarc Espie
2002-06-10new ioctl that reports the current emulation a process uses; needed forNiels Provos
attaching to a running process