path: root/sys/kern/kern_tame.c
Commit message | Author | Age | Files | Lines
...
* recompute len when the path is absolute as canonpath could have shrunk it | semarie | 2015-08-23 | 1 | -2/+3
  OK deraadt@
* Move to tame(int flags, char *paths[]) API/ABI. | deraadt | 2015-08-22 | 1 | -77/+250
  The pathlist is a whitelist of dirs and files; anything else returns ENOENT. Recommendation is to use a narrowly defined list. Also add TAME_FATTR, which permits explicit change operations against "struct stat" fields. Some other TAME_ flags are refined slightly. Not cranking libc now, since nothing committed in base uses this and the timing is uncomfortable for others. Discussed with many; thanks for a few bug fixes from semarie, doug, guenther. ok guenther
* Whitelist TIOCGPGRP (for tcgetpgrp()) in TAME_IOCTL. | doug | 2015-08-21 | 1 | -1/+2
  Requested by Sunil Nimmagadda to help tame http. ok deraadt@
* reactivate tame() | deraadt | 2015-08-20 | 1 | -5/+1
* Neuter tame(2) with ENOSYS for upcoming release cycle, in a fairly | deraadt | 2015-07-29 | 1 | -1/+5
  simple and gross fashion, but the least impact on other parts...
* normalize disclaimer to license.template; noted by reyk | deraadt | 2015-07-28 | 1 | -4/+4
* Rather than disabling tame to coredump, leave it enabled but flag that | deraadt | 2015-07-27 | 1 | -1/+4
  a coredump is happening. This improves behaviour while threaded. ok semarie
* enforce tame by disabling all TAME_ flags if tame_fail() is reached, and not only | semarie | 2015-07-27 | 1 | -2/+3
  if TAME_ABORT is set. ok deraadt@
* Replace TIOCSWINSZ with TIOCGWINSZ in tame(2). | doug | 2015-07-23 | 1 | -2/+2
  ok deraadt@
* Slam signal handlers harder in tame_fail(), found by semarie. | deraadt | 2015-07-22 | 1 | -20/+9
  Also delete some prototype KTRACE code which is not headed in the right direction.
* Always permit kbind (for dynamic linking) and add __thrsigdivert to the | guenther | 2015-07-21 | 1 | -2/+4
  SELF list like the other threading calls ok deraadt@
* crudely canonicalize paths before taming them. ok deraadt doug | tedu | 2015-07-20 | 1 | -2/+72
* Allow the sched_yield, __thrsleep, __thrwakeup, and __threxit syscalls | jeremy | 2015-07-20 | 1 | -1/+7
  when using tame(2). This allows threaded programs to work. OK deraadt@
* In _TM_SELF, permit uname(3); OK deraadt@. | schwarze | 2015-07-20 | 1 | -3/+18
* Be more paranoid and don't let any ioctls through with invalid file | nicm | 2015-07-20 | 1 | -3/+4
  descriptors.
* Don't try to dereference fp if it is NULL, ok deraadt | nicm | 2015-07-20 | 1 | -2/+5
* tame_cmsg_send and tame_cmsg_recv are called with the data set to a file | nicm | 2015-07-20 | 1 | -7/+16
  descriptor, so call fd_getfile to get a struct file *. ok deraadt
* getpagesize() may occur late in programs; permit it | deraadt | 2015-07-20 | 1 | -2/+6
* Add setgroups(2) to TAME_PROC, ok deraadt | nicm | 2015-07-20 | 1 | -1/+2
* In TAME_IOCTL, permit BIOCGSTATS on a vnode. We don't drill down deeper | deraadt | 2015-07-20 | 1 | -1/+7
  yet to verify it is a bpf node. Will be used by tcpdump privsep side.
* Repair various strncmp lengths, noticed by Brandon Casey | deraadt | 2015-07-19 | 1 | -6/+9
* tame(2) is a subsystem which restricts programs into a "reduced feature | deraadt | 2015-07-19 | 1 | -0/+784
  operating model". This is the kernel component; various changes should proceed in-tree for a while before userland programs start using it. ok miod, discussions and help from many