freebsd-src/sys
Robert Watson 0ef5652e27 o Introduce new kern.security sysctl tree for kernel security policy
MIB entries.
o Relocate kern.suser_permitted to kern.security.suser_permitted.
o Introduce new kern.security.unprivileged_procdebug_permitted, which
  (when set to 0) prevents processes without privilege from performing
  a variety of inter-process debugging activities.  The default is 1,
  to provide current behavior.

  This feature allows "hardened" systems to disable access to debugging
  facilities, which have been associated with a number of past security
  vulnerabilities.  Previously, while procfs could be unmounted, other
  in-kernel facilities (such as ptrace()) were still available.  This
  setting should not be modified on normal development systems, as it
  will result in frustration.  Some utilities respond poorly to
  failing to get the debugging access they require, and error response
  by these utilities may be improved in the future in the name of
  beautification.

  Note that there are currently some odd interactions with some
  facilities, which will need to be resolved before this should be used
  in production, including odd interactions with truss and ktrace.
  Note also that currently, tracing is permitted on the current process
  regardless of this flag, for compatibility with previous
  authorization code in various facilities, but that will probably
  change (and resolve the odd interactions).

Obtained from:	TrustedBSD Project
2001-07-31 15:48:21 +00:00
alpha Use a machine dependent type, Elf_Hashelt, for the elements of the elf 2001-07-31 03:46:39 +00:00
amd64 Use a machine dependent type, Elf_Hashelt, for the elements of the elf 2001-07-31 03:46:39 +00:00
arm Don't need the .keep_me files. Obrien and I committed past each other. 2001-07-01 23:35:44 +00:00
boot s/adress/address/ 2001-07-23 12:05:27 +00:00
cam Kill the command (don't rerun it) if we had an AUTOSENSE failure. 2001-07-30 00:44:32 +00:00
coda Warning fix: coda_fbsd.c:113: warning: unused variable `ret' 2001-06-15 00:02:27 +00:00
compat Added the linux_sysinfo function to implement sysinfo(2). 2001-07-23 06:22:10 +00:00
conf Convert the olpt driver to using new-bus stuff. 2001-07-29 11:11:45 +00:00
contrib fix import/merge related code problems 2001-07-30 10:53:23 +00:00
crypto properly check DES weak key. KAME PR 363. 2001-07-03 17:46:48 +00:00
ddb Quiet a variable format-string warning. 2001-07-19 02:05:00 +00:00
dev Make the openfirmware functions work on 64 bit architectures by using 2001-07-31 03:36:26 +00:00
fs remove support for creating files and directories from msdosfs_mknod 2001-07-19 19:15:42 +00:00
geom Polish error handling with biofinish(). 2001-05-08 09:10:27 +00:00
gnu Do not depend on pcb_savefpu backwards compat #define. 2001-07-12 12:19:11 +00:00
i4b make driver compile under 4.3-STABLE 2001-07-22 19:55:05 +00:00
i386 Use a machine dependent type, Elf_Hashelt, for the elements of the elf 2001-07-31 03:46:39 +00:00
ia64 GC some obsolete alpha code. 2001-07-31 14:35:36 +00:00
isa Return consistent key action codes at key press and release 2001-07-20 13:05:57 +00:00
isofs/cd9660 - FDESC, FIFO, NULL, PORTAL, PROC, UMAP and UNION file 2001-05-23 09:42:29 +00:00
kern o Introduce new kern.security sysctl tree for kernel security policy 2001-07-31 15:48:21 +00:00
libkern Sync to OpenBSD (update comment and minor style change). 2001-07-24 11:34:22 +00:00
modules Unbreak ip_mroute_mod 2001-07-25 20:15:17 +00:00
net If LCP proto-rej is received, drop the protocol mentioned by the message. 2001-07-31 07:27:01 +00:00
netatalk
netatm Committed patch for uni signaling fix. 2001-07-11 16:31:50 +00:00
netgraph If an attempt is made to LISTEN for a service tag that's already being 2001-07-25 03:34:07 +00:00
netinet Fix a warning. 2001-07-27 00:04:39 +00:00
netinet6 move ipsec security policy allocation into in_pcballoc, before 2001-07-26 19:19:49 +00:00
netipx Undo part of the tangle of having sys/lock.h and sys/mutex.h included in 2001-05-01 08:13:21 +00:00
netkey Sync with recent KAME. 2001-06-11 12:39:29 +00:00
netnatm Change a couple of M_WAITOKs used in M_PREPEND() to M_TRYWAITs, which 2001-04-05 04:20:48 +00:00
netncp Fix warning: 203: implicit declaration of function `kernel_sysctlbyname' 2001-06-15 07:37:01 +00:00
netns
netsmb Remove bogus include. 2001-06-14 11:05:01 +00:00
nfs Check the filehandle size when mounting. 2001-07-30 20:01:59 +00:00
nfsclient Check the filehandle size when mounting. 2001-07-30 20:01:59 +00:00
nfsserver With Alfred's permission, remove vm_mtx in favor of a fine-grained approach 2001-07-04 16:20:28 +00:00
pc98 Removed PLIP support. 2001-07-31 03:39:35 +00:00
pccard Fix typo where I assigned the bus tag and not the bus handled. It 2001-07-31 15:42:44 +00:00
pci Pacify users who get all bent out of shape when they see the "xl%d: command 2001-07-27 20:55:45 +00:00
posix4 o Replace calls to p_can(..., P_CAN_xxx) with calls to p_canxxx(). 2001-07-05 17:10:46 +00:00
powerpc Use a machine dependent type, Elf_Hashelt, for the elements of the elf 2001-07-31 03:46:39 +00:00
rpc Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and 2001-03-19 12:50:13 +00:00
sparc64 Flesh out the sparc64 port considerably. This contains: 2001-07-31 06:05:05 +00:00
svr4
sys Machine dependent ifdefs for sparc64. 2001-07-31 04:14:30 +00:00
tools replace calls to non-existent bail() subroutine with calls to 2001-03-23 11:48:50 +00:00
ufs Two recent commits in sys/ufs/ufs interacted badly with ext2fs 2001-07-29 22:26:01 +00:00
vm Oops. Last commit to vm_object.c should have got these files too. 2001-07-31 04:09:52 +00:00
Makefile