| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Remove /^\.\\"\n\.\\"\s*\$FreeBSD\$$\n/
|
|
|
|
|
|
|
|
|
|
|
| |
Rather than maintaining an incomplete list of MAC modules references,
just reference mac(4), where such a list can be found.
Reviewed by: Mina Galić <freebsd@igalic.co>
Reviewed by: Pau Amma <pauamma@gundo.com>
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40485
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Generally, access to the kernel debugger is considered to be unsafe from
a security perspective since it presents an unrestricted interface to
inspect or modify the system state, including sensitive data such as
signing keys.
However, having some access to debugger functionality on production
systems may be useful in determining the cause of a panic or hang.
Therefore, it is desirable to have an optional policy which allows
limited use of ddb(4) while disabling the functionality which could
reveal system secrets.
This loadable MAC module allows for the use of some ddb(4) commands
while preventing the execution of others. The commands have been broadly
grouped into three categories:
- Those which are 'safe' and will not emit sensitive data (e.g. trace).
Generally, these commands are deterministic and don't accept
arguments.
- Those which are definitively unsafe (e.g. examine <addr>, search
<addr> <value>)
- Commands which may be safe to execute depending on the arguments
provided (e.g. show thread <addr>).
Safe commands have been flagged as such with the DB_CMD_MEMSAFE flag.
Commands requiring extra validation can provide a function to do so.
For example, 'show thread <addr>' can be used as long as addr can be
checked against the system's list of process structures.
The policy also prevents debugger backends other than ddb(4) from
executing, for example gdb(4).
Reviewed by: markj, pauamma_gundo.com (manpages)
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D35371
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
While here, fix all links to older en_US.ISO8859-1 documentation
in the src/ tree.
PR: 255026
Reported by: Michael Büker <freebsd@michael-bueker.de>
Reviewed by: dbaio
Approved by: blackend (mentor), re (gjb)
MFC after: 10 days
Differential Revision: https://reviews.freebsd.org/D30265
|
|
|
|
| |
MFC after: 3 days
|
|
|
|
|
|
|
|
| |
- Primarily http -> https
- Primarily FreeBSD project URLs
Notes:
svn path=/head/; revision=325096
|
|
|
|
|
|
|
|
|
|
|
|
| |
to no longer claim they are experimental.
Reviewed by: rwatson@, wblock@
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D2985
Notes:
svn path=/head/; revision=285873
|
|
|
|
| |
Notes:
svn path=/head/; revision=202386
|
|
|
|
|
|
|
| |
"Architecture Handbook".
Notes:
svn path=/head/; revision=160261
|
|
|
|
|
|
|
|
|
| |
not in the Developers handbook.
Submitted by: Samy Al Bahra
Notes:
svn path=/head/; revision=160247
|
|
|
|
|
|
|
| |
Approved by: re (hrs)
Notes:
svn path=/head/; revision=147647
|
|
|
|
|
|
|
|
| |
Ok'ed by: rwatson
MFC after: 3 days
Notes:
svn path=/head/; revision=141359
|
|
|
|
|
|
|
| |
MFC after: 3 days
Notes:
svn path=/head/; revision=141355
|
|
|
|
| |
Notes:
svn path=/head/; revision=140561
|
|
|
|
| |
Notes:
svn path=/head/; revision=131530
|
|
|
|
| |
Notes:
svn path=/head/; revision=130582
|
|
|
|
|
|
|
|
|
|
|
|
| |
ranges.
Add additional credits for contributions to the MAC Framework.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, McAfee Research
Notes:
svn path=/head/; revision=126256
|
|
|
|
|
|
|
|
| |
man pages (though not from copyright notices). While I'm here, add email
addresses where appropriate.
Notes:
svn path=/head/; revision=124963
|
|
|
|
|
|
|
|
|
| |
SEE ALSO section.
Sponsored by: DARPA, Network Associates Laboratories
Notes:
svn path=/head/; revision=108936
|
|
|
|
| |
Notes:
svn path=/head/; revision=108317
|
|
|
|
|
|
|
|
| |
Prompted by: rwatson, dcs
Sponsored by: DARPA, Network Associates Labs
Notes:
svn path=/head/; revision=107795
|
|
|
|
|
|
|
| |
Approved by: re
Notes:
svn path=/head/; revision=107780
|
|
|
|
|
|
|
|
| |
Approved by: re
Sponsored by: DARPA, Network Associates Labs
Notes:
svn path=/head/; revision=107478
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NAI.
Add cautionary notes on the experimental status of the MAC Framework
in FreeBSD 5.0.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Notes:
svn path=/head/; revision=106419
|
|
associated with the TrustedBSD MAC Framework, as well as some credits
to developers and contributors.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Notes:
svn path=/head/; revision=105665
|