path: root/sys/dev/systrace.h

Commit log (newest first). Each entry gives the commit message, followed by author, date, number of files changed, and lines removed/added:
* boom goes the dynamite
  (tedu, 2016-04-25, 1 file, -243/+0)

* Copy the stackgap_init() and stackgap_alloc() functions from compat/common/compat_util.c to dev/systrace.c, the one place they are used, and remove the remaining kernel references to compat/*. ok visa@
  (naddy, 2016-03-01, 1 file, -1/+4)

* #include <sys/syslimits.h> to allow operation without requiring the noise of <sys/param.h>
  (deraadt, 2015-01-20, 1 file, -1/+2)

* Move to using PATH_MAX. ok millert guenther
  (deraadt, 2015-01-16, 1 file, -3/+3)

* Add support for *at(2) system calls to systrace(1). ok deraadt@, sthen@, jasper@
  (matthew, 2011-09-18, 1 file, -2/+7)

* Add a SYSTR_POLICY_KILL per-syscall policy option that sends SIGKILL to the traced process when the syscall is attempted. This is more useful and safer for unsupervised sandboxing than returning EPERM (which is the behaviour of SYSTR_POLICY_NEVER), as this could cause dangerous misbehaviour in applications that don't expect it. "I like it" deraadt@ markus@
  (djm, 2011-06-22, 1 file, -1/+2)
* systrace activation happens in the middle of a rather sensitive piece of fork(), i worry about it a lot but cannot prove yet that sleeping there is bad. Anyways, this change makes us never sleep in that area -- the memory needed is allocated earlier like the ptrace state. tested by many developers.
  (deraadt, 2008-11-09, 1 file, -2/+4)
* fix an exploitable integer overflow found by Chris Evans of Google Security; ok deraadt
  (djm, 2006-10-06, 1 file, -1/+2)

* Replace lockmgr with rwlock; 'i think so' tedu@, ok sturm@
  (alek, 2006-05-23, 1 file, -2/+3)
* add a new message: inject. this allows the tracer to inject buffers into the stackgap. this in turn allows for argument replacement with indirection. for example replacing an entire envp or struct pollfd. ok provos@ millert@
  (marius, 2004-11-07, 1 file, -2/+10)
* fix an issue when scripts are exec'd under systrace where the argv[0] would be normalized, and hence break scripts that depend on how they were called. this fixes an issue in the ports builds. ok provos@ deraadt@; lots of testing during hackathon sturm@ naddy@
  (marius, 2004-07-07, 1 file, -2/+11)

* a few fixes to systrace
  - add an exec message so that whenever a set-uid/gid process exec's a new image which we may control, the exec does not go by unnoticed.
  - take special care to check for P_SUGIDEXEC as well as P_SUGID, corresponding to the same changes that were made in the ptrace code a while ago
  ok niels@, sturm@; thanks to naddy for testing
  (marius, 2004-06-23, 1 file, -13/+20)

* originally from cb@netbsd.org, adapted by provos
  itojun@ ok
  fix a race condition between path resolution in userland and the subsequent namei(): inform the kernel portion of valid filenames and then disallow symlink lookups for those filenames by means of a hook in namei(). with suggestions from provos@
  also, add (currently unused) seqnr field to struct systrace_replace, from provos@
  (sturm, 2003-10-08, 1 file, -1/+10)

* - limited number of processes per systrace
  - escape fixes for special characters
  markus, sturm ok. from provos
  (itojun, 2003-06-16, 1 file, -7/+9)

* fake off the SYSTR_CLONE through a normally numbered other ioctl; as of previous rename; after discussion w/ niels
  (mickey, 2003-03-28, 1 file, -4/+2)

* rename the clone ioctl to avoid clashing w/ the sockio; provos@ ok
  (mickey, 2002-12-04, 1 file, -1/+3)

* add id tags.
  (fgsch, 2002-10-25, 1 file, -0/+1)

* support for privilege elevation.
  with privilege elevation no suid or sgid binaries are necessary any longer. Applications can be executed completely unprivileged. Systrace raises the privileges for a single system call depending on the configured policy. Idea from discussions with Perry Metzger, Dug Song and Marcus Watts. from provos
  (itojun, 2002-10-16, 1 file, -0/+4)

* new message to track uid/gid changes
  from provos
  (itojun, 2002-10-09, 1 file, -0/+7)

* better uid/gid tracking; okay deraadt@
  (provos, 2002-07-24, 1 file, -0/+2)

* add seqnr to message from kernel, userland needs to quote correct seqnr. avoids problems where tsleep has been interrupted by a signal.
  (provos, 2002-07-22, 1 file, -1/+3)

* system call argument rewriting framework via stackgap; okay art@
  (provos, 2002-06-21, 1 file, -0/+11)

* forgot copyright, pointed out by christos@netbsd
  (provos, 2002-06-16, 1 file, -0/+30)

* new ioctl that reports the current emulation a process uses; needed for attaching to a running process
  (provos, 2002-06-10, 1 file, -0/+1)

* explicit padding; okay deraadt@
  (provos, 2002-06-02, 1 file, -0/+1)

* make fsystrace available in systrace.h; keep some more stats.
  (provos, 2002-05-19, 1 file, -0/+23)

* systrace facility, used to enforce and generate policies for system calls
  okay deraadt@
  (provos, 2002-05-16, 1 file, -0/+112)