| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
flag is set in the p_pfsflags field. This, essentially, prevents an SUID
proram from hanging after being traced. (E.g., "truss /usr/bin/rlogin" would
fail, but leave rlogin in a stopevent state.) Yet another case where procctl
is (hopefully ;)) no longer needed in the general case.
Reviewed by: bde (thanks bruce :))
Notes:
svn path=/head/; revision=31891
|
| |
|
|
| |
Notes:
svn path=/head/; revision=31778
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
it in struct proc instead.
This fixes a boatload of compiler warning, and removes a lot of cruft
from the sources.
I have not removed the /*ARGSUSED*/, they will require some looking at.
libkvm, ps and other userland struct proc frobbing programs will need
recompiled.
Notes:
svn path=/head/; revision=30994
|
| |
|
|
| |
Notes:
svn path=/head/; revision=30522
|
| |
|
|
|
|
|
|
|
|
|
| |
Distribute all but the most fundamental malloc types. This time I also
remembered the trick to making things static: Put "static" in front of
them.
A couple of finer points by: bde
Notes:
svn path=/head/; revision=30354
|
| |
|
|
|
|
|
|
|
| |
same syscall number as NetBSD/OpenBSD. The getpgid() came from NetBSD
(I think) originally, but it's basically cut/paste/edit from the other
simple get*() syscalls.
Notes:
svn path=/head/; revision=28401
|
| |
|
|
| |
Notes:
svn path=/head/; revision=27845
|
| |
|
|
|
|
|
|
|
|
| |
by bde.
Don't return EPERM in setre[ug]id() just because the caller passes in
the current effective id in the second arg (ie: no change), as suggested
by ache.
Notes:
svn path=/head/; revision=24559
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is valueable for library code which needs to be able to find out
whether the current process is or *was* set[ug]id at some point in the
past, and may have a "tainted" execution environment. This is especially
a problem with the trend to immediately revoke privs at startup and regain
them for critical sections. One problem with this is that if a cracker
is able to compromise the program while it's still got a saved id, the
cracker can direct the program to regain the privs. Another problem is
that the user may be able to affect the program in some other way (eg:
setting resolver host aliases) and the library code needs to know when it
should disable these sorts of features.
Reviewed by: ache
Inspired by: OpenBSD (but with a different implementation)
Notes:
svn path=/head/; revision=24453
|
| |
|
|
|
|
|
|
|
| |
(for supporting issetugid())
Reviewed by: ache (as was the previous commit, rev 1.29)
Notes:
svn path=/head/; revision=24450
|
| |
|
|
|
|
|
| |
(for supporting issetugid())
Notes:
svn path=/head/; revision=24449
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
that allows traditional BSD setuid/setgid behavior.
The only visible difference should be that a non-root setuid program
(eg: inn's "rnews" program) that is setuid to news, can completely
"become" uid news. (ie: setuid(geteuid()) This was allowed in
traditional 4.2/4.3BSD and is now "blessed" by Posix as a special
case of "appropriate privilige".
Also, be much more careful with the P_SUGID flag so that we can use it
for issetugid() - only set it if something changed.
Reviewed by: ache
Notes:
svn path=/head/; revision=24448
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
vector except for the egid in groups[0]. There is a risk that programs
that come from SYSV/Linux that expect this to work and don't check for
error returns may accidently pass root's groups on to child processes.
We now do what is least suprising (to non BSD programs/programmers) in
this scenario, and nothing is changed for programs written with BSD groups
rules in mind.
Reviewed by: ache
Notes:
svn path=/head/; revision=24447
|
| |
|
|
| |
Notes:
svn path=/head/; revision=23359
|
| |
|
|
|
|
|
| |
it is stricter than padded s_login size check was there.
Notes:
svn path=/head/; revision=23358
|
| |
|
|
|
|
|
| |
sizeof of padded s_login array
Notes:
svn path=/head/; revision=23330
|
| |
|
|
|
|
|
| |
ready for it yet.
Notes:
svn path=/head/; revision=22975
|
| |
|
|
|
|
|
| |
Don't overwrite session login unless the call is going to succeed.
Notes:
svn path=/head/; revision=22522
|
| |
|
|
|
|
|
|
|
|
|
| |
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
Notes:
svn path=/head/; revision=21673
|
| |
|
|
|
|
|
| |
Found by: NIST-PCTS
Notes:
svn path=/head/; revision=20677
|
| |
|
|
|
|
|
|
| |
_POSIX_SAVED_IDS is defined. This feature was broken for a day
or two.
Notes:
svn path=/head/; revision=18013
|
| |
|
|
| |
Notes:
svn path=/head/; revision=17994
|
| |
|
|
|
|
|
| |
that was exiting.
Notes:
svn path=/head/; revision=15985
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
structs and prototypes for syscalls.
Ifdefed duplicated decentralized declarations of args structs. It's
convenient to have this visible but they are hard to maintain. Some
are already different from the central declarations. 4.4lite2 puts
them in comments in the function headers but I wanted to avoid the
large changes for that.
Notes:
svn path=/head/; revision=12221
|
| |
|
|
| |
Notes:
svn path=/head/; revision=12207
|
| |
|
|
|
|
|
| |
Obtained from: 4.4BSD-Lite2
Notes:
svn path=/head/; revision=12063
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Prototypes are located in <sys/sysproto.h>.
Add appropriate #include <sys/sysproto.h> to files that needed
protos from systm.h.
Add structure definitions to appropriate files that relied on sys/systm.h,
right before system call definition, as in the rest of the kernel source.
In kern_prot.c, instead of using the dummy structure "args", create
individual dummy structures named <syscall>_args. This makes
life easier for prototype generation.
Notes:
svn path=/head/; revision=11332
|
| |
|
|
|
|
|
|
| |
Fixed: lack of crcopy in certain conditions, lack
of setting sv[ug]id in certain conditions. Fixes non-critical.
Notes:
svn path=/head/; revision=9238
|
| |
|
|
|
|
|
| |
Submitted by: bde
Notes:
svn path=/head/; revision=8162
|
| |
|
|
| |
Notes:
svn path=/head/; revision=8141
|
| |
|
|
| |
Notes:
svn path=/head/; revision=8135
|
| |
|
|
| |
Notes:
svn path=/head/; revision=8111
|
| |
|
|
| |
Notes:
svn path=/head/; revision=8019
|
| |
|
|
| |
Notes:
svn path=/head/; revision=8011
|
| |
|
|
| |
Notes:
svn path=/head/; revision=3566
|
| |
|
|
|
|
|
|
|
|
|
| |
cycles. While waiting there I added a lot of the extra ()'s I have, (I have
never used LISP to any extent). So I compiled the kernel with -Wall and
shut up a lot of "suggest you add ()'s", removed a bunch of unused var's
and added a couple of declarations here and there. Having a lap-top is
highly recommended. My kernel still runs, yell at me if you kernel breaks.
Notes:
svn path=/head/; revision=3098
|
| |
|
|
| |
Notes:
svn path=/head/; revision=1817
|
| |
|
|
|
|
|
|
| |
Reviewed by: Rodney W. Grimes
Submitted by: John Dyson and David Greenman
Notes:
svn path=/head/; revision=1549
|
|
|
Notes:
svn path=/head/; revision=1541
|
