summaryrefslogtreecommitdiff
path: root/sys/kern/kern_prot.c
Commit message (Collapse)AuthorAgeFilesLines
* $Id$ -> $FreeBSD$Peter Wemm1999-08-281-1/+1
| | | | Notes: svn path=/head/; revision=50477
* This Implements the mumbled about "Jail" feature.Poul-Henning Kamp1999-04-281-19/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do. For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers". Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname. Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors. It generally does what one would expect, but setting up a jail still takes a little knowledge. A few notes: I have no scripts for setting up a jail, don't ask me for them. The IP number should be an alias on one of the interfaces. mount a /proc in each jail, it will make ps more useable. /proc/<pid>/status tells the hostname of the prison for jailed processes. Quotas are only sensible if you have a mountpoint per prison. There are no privisions for stopping resource-hogging. Some "#ifdef INET" and similar may be missing (send patches!) If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome! Tools, comments, patches & documentation most welcome. Have fun... Sponsored by: http://www.rndassociates.com/ Run for almost a year by: http://www.servetheweb.com/ Notes: svn path=/head/; revision=46155
* Change suser_xxx() to suser() where it applies.Poul-Henning Kamp1999-04-271-10/+10
| | | | Notes: svn path=/head/; revision=46116
* Suser() simplification:Poul-Henning Kamp1999-04-271-12/+19
| | | | | | | | | | | | | | | | | | | | | | 1: s/suser/suser_xxx/ 2: Add new function: suser(struct proc *), prototyped in <sys/proc.h>. 3: s/suser_xxx(\([a-zA-Z0-9_]*\)->p_ucred, \&\1->p_acflag)/suser(\1)/ The remaining suser_xxx() calls will be scrutinized and dealt with later. There may be some unneeded #include <sys/cred.h>, but they are left as an exercise for Bruce. More changes to the suser() API will come along with the "jail" code. Notes: svn path=/head/; revision=46112
* Fix warnings in preparation for adding -Wall -Wcast-qual to theMatthew Dillon1999-01-281-9/+9
| | | | | | | kernel compile Notes: svn path=/head/; revision=43311
* getpgid() and getsid() were doing a comparision rather than an assignment,Don Lewis1998-12-131-5/+11
| | | | | | | | which is fortunate, because otherwise another bug would allow them to be used to stomp on the syscall return value of another process. Notes: svn path=/head/; revision=41726
* add #include <sys/kernel.h> where it's needed by MALLOC_DEFINE()Peter Wemm1998-11-101-1/+2
| | | | Notes: svn path=/head/; revision=41059
* If the session leader dies, s_leader is set to NULL and getsid() mayDon Lewis1998-11-091-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | dereference a NULL pointer, causing a panic. Instead of following s_leader to find the session id, store it in the session structure. Jukka found the following info: BTW - I just found what I have been looking for. Std 1003.1 Part 1: SYSTEM API [C LANGUAGE] section 2.2.2.80 states quite explicitly... Session lifetime: The period between when a session is created and the end of lifetime of all the process groups that remain as members of the session. So, this quite clearly tells that while there is any single process in any process group which is a member of the session, the session remains as an independent entity. Reviewed by: peter Submitted by: "Jukka A. Ukkonen" <jau@jau.tmt.tele.fi> Notes: svn path=/head/; revision=41038
* 64bit fixes: use size_t not u_int for sizes.Doug Rabson1998-06-101-2/+2
| | | | Notes: svn path=/head/; revision=36845
* Clear the p_stops field on change of user/group id, unless the correctSean Eric Fagan1997-12-201-16/+26
| | | | | | | | | | | | flag is set in the p_pfsflags field. This, essentially, prevents an SUID proram from hanging after being traced. (E.g., "truss /usr/bin/rlogin" would fail, but leave rlogin in a stopevent state.) Yet another case where procctl is (hopefully ;)) no longer needed in the general case. Reviewed by: bde (thanks bruce :)) Notes: svn path=/head/; revision=31891
* Make COMPAT_43 and COMPAT_SUNOS new-style options.Eivind Eklund1997-12-161-1/+3
| | | | Notes: svn path=/head/; revision=31778
* Move the "retval" (3rd) parameter from all syscall functions and putPoul-Henning Kamp1997-11-061-60/+38
| | | | | | | | | | | | | | | it in struct proc instead. This fixes a boatload of compiler warning, and removes a lot of cruft from the sources. I have not removed the /*ARGSUSED*/, they will require some looking at. libkvm, ps and other userland struct proc frobbing programs will need recompiled. Notes: svn path=/head/; revision=30994
* Killed non-sensical call to splimp/splx in crfree().David Greenman1997-10-171-5/+1
| | | | Notes: svn path=/head/; revision=30522
* Last major round (Unless Bruce thinks of somthing :-) of malloc changes.Poul-Henning Kamp1997-10-121-1/+3
| | | | | | | | | | | Distribute all but the most fundamental malloc types. This time I also remembered the trick to making things static: Put "static" in front of them. A couple of finer points by: bde Notes: svn path=/head/; revision=30354
* Implement XPG/SYSV-style getpgid()/getsid() syscalls. getpgid() uses thePeter Wemm1997-08-191-1/+50
| | | | | | | | | same syscall number as NetBSD/OpenBSD. The getpgid() came from NetBSD (I think) originally, but it's basically cut/paste/edit from the other simple get*() syscalls. Notes: svn path=/head/; revision=28401
* Removed unused #includes.Bruce Evans1997-08-021-4/+1
| | | | Notes: svn path=/head/; revision=27845
* Don't incorrectly set P_SUGID in setre[ug]id() for no reason, as noticedPeter Wemm1997-04-021-5/+9
| | | | | | | | | | by bde. Don't return EPERM in setre[ug]id() just because the caller passes in the current effective id in the second arg (ie: no change), as suggested by ache. Notes: svn path=/head/; revision=24559
* Implement code for an OpenBSD-style issetuigid().Peter Wemm1997-03-311-1/+26
| | | | | | | | | | | | | | | | | | | This is valueable for library code which needs to be able to find out whether the current process is or *was* set[ug]id at some point in the past, and may have a "tainted" execution environment. This is especially a problem with the trend to immediately revoke privs at startup and regain them for critical sections. One problem with this is that if a cracker is able to compromise the program while it's still got a saved id, the cracker can direct the program to regain the privs. Another problem is that the user may be able to affect the program in some other way (eg: setting resolver host aliases) and the library code needs to know when it should disable these sorts of features. Reviewed by: ache Inspired by: OpenBSD (but with a different implementation) Notes: svn path=/head/; revision=24453
* Do not set the P_SUGID flag in seteuid()/setegid() if nothing has changed.Peter Wemm1997-03-311-11/+20
| | | | | | | | | (for supporting issetugid()) Reviewed by: ache (as was the previous commit, rev 1.29) Notes: svn path=/head/; revision=24450
* Do not set the P_SUGID flag in seteuid()/setegid() if nothing has changed.Peter Wemm1997-03-311-9/+15
| | | | | | | (for supporting issetugid()) Notes: svn path=/head/; revision=24449
* Fully implement the clause in Appendix B.4.2.2 from Posix 1003.1Peter Wemm1997-03-311-31/+132
| | | | | | | | | | | | | | | | | | that allows traditional BSD setuid/setgid behavior. The only visible difference should be that a non-root setuid program (eg: inn's "rnews" program) that is setuid to news, can completely "become" uid news. (ie: setuid(geteuid()) This was allowed in traditional 4.2/4.3BSD and is now "blessed" by Posix as a special case of "appropriate privilige". Also, be much more careful with the P_SUGID flag so that we can use it for issetugid() - only set it if something changed. Reviewed by: ache Notes: svn path=/head/; revision=24448
* Make setgroups(0, xxx) behave as it does on SYSV, namely clear the groupsPeter Wemm1997-03-311-6/+20
| | | | | | | | | | | | | | | vector except for the egid in groups[0]. There is a risk that programs that come from SYSV/Linux that expect this to work and don't check for error returns may accidently pass root's groups on to child processes. We now do what is least suprising (to non BSD programs/programmers) in this scenario, and nothing is changed for programs written with BSD groups rules in mind. Reviewed by: ache Notes: svn path=/head/; revision=24447
* Oops, fix typo.Andrey A. Chernov1997-03-031-2/+2
| | | | Notes: svn path=/head/; revision=23359
* Don't copy more than MAXLOGNAME bytes in getlogin() syscall,Andrey A. Chernov1997-03-031-3/+3
| | | | | | | it is stricter than padded s_login size check was there. Notes: svn path=/head/; revision=23358
* Use MAXLOGNAME for stricter size check in setlogin() syscall instead ofAndrey A. Chernov1997-03-031-3/+3
| | | | | | | sizeof of padded s_login array Notes: svn path=/head/; revision=23330
* Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are notPeter Wemm1997-02-221-1/+1
| | | | | | | ready for it yet. Notes: svn path=/head/; revision=22975
* Fix off by one error in setlogin() syscall.David Nugent1997-02-101-3/+6
| | | | | | | Don't overwrite session login unless the call is going to succeed. Notes: svn path=/head/; revision=22522
* Make the long-awaited change from $Id$ to $FreeBSD$Jordan K. Hubbard1997-01-141-1/+1
| | | | | | | | | | | This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long. Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise. Notes: svn path=/head/; revision=21673
* Fixed setpgid(). Negative pgids were accepted.Bruce Evans1996-12-191-1/+3
| | | | | | | Found by: NIST-PCTS Notes: svn path=/head/; revision=20677
* Added #include of <unistd.h> so that there is some chance thatBruce Evans1996-09-031-1/+2
| | | | | | | | _POSIX_SAVED_IDS is defined. This feature was broken for a day or two. Notes: svn path=/head/; revision=18013
* Conditionalize POSIX saved ids code on _POSIX_SAVED_IDS defineAndrey A. Chernov1996-09-011-4/+22
| | | | Notes: svn path=/head/; revision=17994
* Fix a panic caused by (proc)->p_session being dereferenced for a processDavid Greenman1996-05-301-2/+2
| | | | | | | that was exiting. Notes: svn path=/head/; revision=15985
* Included <sys/sysproto.h> to get central declarations for syscall argsBruce Evans1995-11-121-1/+40
| | | | | | | | | | | | | structs and prototypes for syscalls. Ifdefed duplicated decentralized declarations of args structs. It's convenient to have this visible but they are hard to maintain. Some are already different from the central declarations. 4.4lite2 puts them in comments in the function headers but I wanted to avoid the large changes for that. Notes: svn path=/head/; revision=12221
* Fixed type of setsid(). It used used the bogus `getsid_args'.Bruce Evans1995-11-111-3/+3
| | | | Notes: svn path=/head/; revision=12207
* Return EINVAL if the number of groups is less than 1 in setgroups().David Greenman1995-11-041-2/+3
| | | | | | | Obtained from: 4.4BSD-Lite2 Notes: svn path=/head/; revision=12063
* Remove prototype definitions from <sys/systm.h>.Steven Wallace1995-10-081-10/+37
| | | | | | | | | | | | | | | | | Prototypes are located in <sys/sysproto.h>. Add appropriate #include <sys/sysproto.h> to files that needed protos from systm.h. Add structure definitions to appropriate files that relied on sys/systm.h, right before system call definition, as in the rest of the kernel source. In kern_prot.c, instead of using the dummy structure "args", create individual dummy structures named <syscall>_args. This makes life easier for prototype generation. Notes: svn path=/head/; revision=11332
* Optimized and simplified version of setreuid/gidAndrey A. Chernov1995-06-151-34/+33
| | | | | | | | Fixed: lack of crcopy in certain conditions, lack of setting sv[ug]id in certain conditions. Fixes non-critical. Notes: svn path=/head/; revision=9238
* set[ug]id(): call suser() only when neccesarryAndrey A. Chernov1995-04-291-9/+9
| | | | | | | Submitted by: bde Notes: svn path=/head/; revision=8162
* Implement POSIX SAVED_IDS for setuid/setgidAndrey A. Chernov1995-04-281-10/+17
| | | | Notes: svn path=/head/; revision=8141
* setre*(): simplify return scheme, pointed by BruceAndrey A. Chernov1995-04-281-23/+19
| | | | Notes: svn path=/head/; revision=8135
* Implement setreuid/setregid according to SunOS manpageAndrey A. Chernov1995-04-271-23/+41
| | | | Notes: svn path=/head/; revision=8111
* Make setreuid/setregid active syscallsAndrey A. Chernov1995-04-231-5/+3
| | | | Notes: svn path=/head/; revision=8019
* Correct the type of the `acflag' arg to suser().Bruce Evans1995-04-231-2/+2
| | | | Notes: svn path=/head/; revision=8011
* Added ifdef COMPAT_IBCS2 around setre[ug]id.Søren Schmidt1994-10-131-3/+3
| | | | Notes: svn path=/head/; revision=3566
* While in the real world, I had a bad case of being swapped out for a lot ofPoul-Henning Kamp1994-09-251-7/+7
| | | | | | | | | | | cycles. While waiting there I added a lot of the extra ()'s I have, (I have never used LISP to any extent). So I compiled the kernel with -Wall and shut up a lot of "suggest you add ()'s", removed a bunch of unused var's and added a couple of declarations here and there. Having a lap-top is highly recommended. My kernel still runs, yell at me if you kernel breaks. Notes: svn path=/head/; revision=3098
* Added $Id$David Greenman1994-08-021-0/+1
| | | | Notes: svn path=/head/; revision=1817
* The big 4.4BSD Lite to FreeBSD 2.0.0 (Development) patch.Rodney W. Grimes1994-05-251-0/+22
| | | | | | | | Reviewed by: Rodney W. Grimes Submitted by: John Dyson and David Greenman Notes: svn path=/head/; revision=1549
* BSD 4.4 Lite Kernel SourcesRodney W. Grimes1994-05-241-0/+566
Notes: svn path=/head/; revision=1541
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-08 21:31:42 +0000