summaryrefslogtreecommitdiffstats
path: root/bin/systrace/intercept.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* boom goes the dynamitetedu2016-04-251-1172/+0
|
* Remove NULL-check before free(). ok tb@mmcc2015-12-091-13/+7
|
* Eliminate the last of the LINTEDn and PRINTFLIKEn comments. In oneguenther2015-10-011-4/+2
| | | | | | | case, by deleting some useless '& of an array' we also eliminate the need for the casts which prompted the original lint warnings ok deraadt@
* move to PATH_MAX, etc; normalize includes for life in the <limits.h> universederaadt2015-01-161-9/+10
| | | | ok guenther millert
* Make sure the correct errno is reported by warn* or err* and notguenther2014-07-201-5/+9
| | | | | | the errno of an intervening cleanup operation like close/unlink/etc. Diff from Doug Hogan (doug (at) acyclic.org)
* calloc is better. from Peter Malonetedu2014-04-241-5/+4
|
* remove some unnecessary sys/param.h inclusionsderaadt2012-12-041-2/+1
|
* Reopen the systrace file in the process that will actually attach to theguenther2012-08-231-5/+13
| | | | | | target process(es), so that systrace files can be made unsharable. ok djm@
* Bump intercept_get_string() internal buffer to allow strings up tomatthew2011-10-181-2/+2
| | | | | | | | | ARG_MAX long, so that ic_trargv can execute reliably. Thanks to Olivier Cherrier for reporting and helping to diagnose the problem. ok deraadt@
* Add support for *at(2) system calls to systrace(1).matthew2011-09-181-3/+15
| | | | ok deraadt@, sthen@, jasper@
* fix trailing slashes in filenames behavior by *not* fixing it in systrace.tedu2010-04-201-3/+144
| | | | code from netbsd. ok deraadt
* keep trailing slashes in path normalization, as these might result insturm2007-06-151-4/+13
| | | | | | errors otherwise hidden by systrace noticed by naddy, ok ray on an earlier version of this diff
* don't assume 4-byte aligned memory when intercepting a stringsturm2007-05-151-2/+2
| | | | | | | | this should get rid of systrace: intercept_get_string: ioctl: Invalid argument no objections from provos, ok otto
* Use S_IS* macros insted of masking with S_IF* flags. The latter mayotto2006-09-191-2/+2
| | | | | have multiple bits set, which leads to surprising results. Spotted by/partly from Paul Stoeber, more to come. ok ho@ miod@ hshoexer@
* sync with systrace 1.6d, keeping local changessturm2006-07-021-7/+29
| | | | tests and feedback by a few
* ARGSUSED and a FALLTHROUGH to please lintsturm2006-04-261-1/+2
| | | | ok deraadt
* convert permanent privilege revocation to use setresuid/setresgid;djm2006-03-061-9/+5
| | | | ok henning@
* fix an issue when scripts are exec'd under systrace wheremarius2004-07-071-4/+11
| | | | | | | | | the argv[0] would be normalized, and hence break scripts that depend on how they were called. this fixes an issue in the ports builds. ok provos@ deraadt@; lots of testing during hackathon sturm@ naddy@
* if we have detached after an exec, bail out early, and avoid a double free.marius2004-06-241-3/+9
| | | | ok provos@, "works fine" sturm@
* a few fixes to systracemarius2004-06-231-11/+22
| | | | | | | | | | | | - add an exec message so that whenever a set-uid/gid process exec's a new image which we may control, the exec does not go by unnoticed. - take special care to check for P_SUGIDEXEC as well as P_SUGID, corresponding to the same changes that were made in the ptrace code a while ago ok niels@, sturm@; thanks to naddy for testing
* if a string considered a filename is too long, don't exit but just letsturm2004-03-301-4/+4
| | | | | | the syscall fail, it might not actually be a filename fixes pr 3140, ok provos@
* The empty filename does not receive normalization.sturm2004-01-301-1/+8
| | | | | | System calls are supposed to fail on it. from provos@, ok markus@
* typos from Jared Yanovich;jmc2003-10-181-3/+3
|
* originally from cb@openbsd.org, adapted by provossturm2003-10-081-9/+24
| | | | | | | | | | | | | itojun@ ok fix a race condition between path resolution in userland and the subsequent namei(): inform the kernel portion of valid filenames and then disallow symlink lookups for those filenames by means of a hook in namei(). with suggestions from provos@ also, add (currently unused) seqnr field to struct systrace_replace, from provos@
* several diffs from Niels as applied to NetBSDsturm2003-08-041-26/+39
| | | | | | | | | | | | | monkey.org/NetBSD commit messages: - get rid of retarded CWD handling. CWD is fixed to the CWD of the systrace that started everything. - normalize file name function - normalize CWD for cases where CWD has a symlink in it. should solve problems where CWD policies would not match. - avoid warning due to name collision. - fixed contrived race condition during attachment; from marius@monkey.org itojun@ ok
* - sync with NetBSD or Niels' tarball where appropriatesturm2003-07-191-2/+3
| | | | | | | | | - keeps local changes - fixes a bug in profile feedback optimization and avoids symbol conflicts with errno - new feature: "ask" action itojun@ ok
* - limited number of processes per systraceitojun2003-06-161-1/+24
| | | | | - escape fixes for special characters markus, sturm ok. from provos
* pull in a bugfix from systrace-current to let systrace deal with creatingsturm2003-05-171-5/+5
| | | | | | directories correctly OK itojun@, thanks to niels for the help
* Fix a crash in the systrace found by form@art2003-02-201-4/+19
| | | | | | | One is a kernel fix that changes the lockin and one is a userland fix that prevents dereferencing a freed pointer. From provos deraadt@ ok
* prevent the use of permit for aliases. from provositojun2002-12-091-1/+16
|
* performance improvement by omitting a redundant getcwd.itojun2002-11-261-10/+21
| | | | from provos
* fix bug in determining execve name. from provositojun2002-11-121-2/+2
|
* little cleanup (intercept_getpid dies within the function on error).itojun2002-10-171-7/+4
| | | | from provos
* support for privilege elevation.itojun2002-10-161-17/+43
| | | | | | | | | | | with privilege elevation no suid or sgid binaries are necessary any longer. Applications can be executed completely unprivileged. Systrace raises the privileges for a single system call depending on the configured policy. Idea from discussions with Perry Metzger, Dug Song and Marcus Watts. from provos
* predicates are part of the grammar now; in non-root case, predicates areitojun2002-10-091-20/+52
| | | | | | evaluated only once; in root case, predicates and variable expansion are dynamic. from provos
* daemon should not change the directory. from provositojun2002-09-171-2/+2
|
* standalone ; at top scope is illegal in ansi cderaadt2002-09-061-6/+6
|
* fix systrace with chroot. from provositojun2002-08-281-9/+8
|
* if getcwd fails and we continue dont restcwd.provos2002-08-081-3/+6
|
* deal better with interrupted system callsprovos2002-08-071-6/+26
|
* uid and gid are not guaranteed to be aligned on a register_t sized boundary.jason2002-08-051-3/+9
| | | | Use a temporary location and then copy the value into place. provos ok.
* increase buffer size for getstring, useful for execve arguments.provos2002-08-051-5/+14
| | | | | intercept_filename deals better with symlinked last component lookups. change some translations to use unlinkname.
* keep track of ppid and allow matching rules to be logged via syslog.provos2002-08-041-1/+4
|
* performance improvement, reduces number of ioctl callsprovos2002-08-021-7/+14
|
* correctly separate execve argv arguments. increase buffer size forprovos2002-08-011-2/+3
| | | | get_string
* the last component in a filename for unlink may be a symlinkprovos2002-08-011-4/+13
|
* sometimes no-return syscalls (execve) emit errno < 0. ignore them.itojun2002-07-301-2/+2
|
* solve a problem with realpath when the last component of the path isprovos2002-07-301-5/+46
| | | | a directory without S_IXUSR; tested by me and dugsong.
* add seqnr to message from kernel, userland needs to quote correct seqnr.provos2002-07-221-6/+6
| | | | avoids problems where tsleep has been interrupted by a signal.
* constify, have missing prototypes, use pedantic compilation options.itojun2002-07-191-15/+21
| | | | niels ok
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.