| Commit message (Expand) | Author | Age | Files | Lines |
* | o A few more minor whitespace and other style fixes. | Robert Watson | 2001-12-06 | 1 | -6/+7 |
* | o Remove unnecessary inclusion of opt_global.h. | Robert Watson | 2001-12-06 | 1 | -1/+0 |
* | o Make kern.security.bsd.suser_enabled TUNABLE. | Robert Watson | 2001-12-05 | 1 | -0/+1 |
* | o Update an instance of 'unprivileged_procdebug_permitted' missed | Robert Watson | 2001-12-03 | 1 | -6/+6 |
* | o Introduce pr_mtx into struct prison, providing protection for the | Robert Watson | 2001-12-03 | 1 | -2/+8 |
* | o Uniformly copy uap arguments into local variables before grabbing | Robert Watson | 2001-12-02 | 1 | -3/+1 |
* | o Remove KSE race in setuid() in which oldcred was preserved before giant | Robert Watson | 2001-12-02 | 1 | -1/+1 |
* | o General style, formatting, etc, improvements: | Robert Watson | 2001-12-02 | 1 | -167/+107 |
* | o Further sysctl name simplification, generally stripping 'permitted', | Robert Watson | 2001-11-30 | 1 | -9/+9 |
* | o Move current inhabitants of kern.security to kern.security.bsd, so | Robert Watson | 2001-11-30 | 1 | -14/+16 |
* | Clean up breakage in inferior() I introduced in 1.92 of kern_proc.c: | John Baldwin | 2001-11-12 | 1 | -0/+3 |
* | o Introduce group subset test, which limits the ability of a process to | Robert Watson | 2001-11-02 | 1 | -8/+36 |
* | o Add a comment to p_candebug() noting that the P_INEXEC check should | Robert Watson | 2001-11-02 | 1 | -1/+6 |
* | o Capabilities cap_check() interface revised to remove _xxx, so rename | Robert Watson | 2001-11-02 | 1 | -1/+1 |
* | Add a P_INEXEC flag that indicates that the process has called execve() and | Dag-Erling Smørgrav | 2001-10-27 | 1 | -0/+4 |
* | Add mtx_lock_giant() and mtx_unlock_giant() wrappers for sysctl management | Matthew Dillon | 2001-10-26 | 1 | -6/+9 |
* | Change the kernel's ucred API as follows: | John Baldwin | 2001-10-11 | 1 | -22/+29 |
* | Whitespace fixes. | John Baldwin | 2001-10-11 | 1 | -2/+2 |
* | Rework some code to be a bit simpler by inverting a few tests and using | John Baldwin | 2001-10-11 | 1 | -22/+12 |
* | Add a temporary hack that will go away with the ucred API update to bzero | John Baldwin | 2001-10-10 | 1 | -0/+1 |
* | - Combine kern.ps_showallprocs and kern.ipc.showallsockets into | Robert Watson | 2001-10-09 | 1 | -2/+12 |
* | o Recent addition of (p1==p2) exception in p_candebug() permitted | Robert Watson | 2001-10-09 | 1 | -2/+9 |
* | Always succeed if the target process is the same as the requesting process. | Dag-Erling Smørgrav | 2001-10-07 | 1 | -0/+3 |
* | o When performing a securelevel check as part of securelevel_ge() or | Robert Watson | 2001-09-26 | 1 | -8/+15 |
* | o So, when <dd> e-mailed me and said that the comment was inverted | Robert Watson | 2001-09-25 | 1 | -6/+6 |
* | o Rename u_cansee() to cr_cansee(), making the name more comprehensible | Robert Watson | 2001-09-20 | 1 | -3/+3 |
* | o Clarification of securelevel_{ge,gt} comment. | Robert Watson | 2001-09-19 | 1 | -2/+2 |
* | o Introduce two new calls, securelevel_gt() and securelevel_ge(), which | Robert Watson | 2001-09-18 | 1 | -3/+57 |
* | KSE Milestone 2 | Julian Elischer | 2001-09-12 | 1 | -75/+124 |
* | Giant Pushdown. Saved the worst P4 tree breakage for last. | Matthew Dillon | 2001-09-01 | 1 | -80/+271 |
* | o Screw over users of the kern.{security.,}suser_permitted sysctl again, | Robert Watson | 2001-08-31 | 1 | -5/+5 |
* | o Improve the style of a number of routines and comments in kern_prot.c, | Robert Watson | 2001-08-28 | 1 | -66/+62 |
* | Fix typos in recent comments. | Robert Watson | 2001-08-28 | 1 | -2/+2 |
* | Generally improve documentation of kern_prot.c: | Robert Watson | 2001-08-27 | 1 | -10/+65 |
* | o Modify p_candebug() such that there is no longer automatic acceptance | Robert Watson | 2001-07-31 | 1 | -3/+0 |
* | o Introduce new kern.security sysctl tree for kernel security policy | Robert Watson | 2001-07-31 | 1 | -3/+11 |
* | o Replace calls to p_can(..., P_CAN_xxx) with calls to p_canxxx(). | Robert Watson | 2001-07-05 | 1 | -51/+12 |
* | Unbreak setregid(2). | Ruslan Ermilov | 2001-06-06 | 1 | -0/+2 |
* | o uifree() the cr_ruidinfo in crfree() as well as cr_uidinfo now that the rea... | Robert Watson | 2001-05-27 | 1 | -0/+2 |
* | o Merge contents of struct pcred into struct ucred. Specifically, add the | Robert Watson | 2001-05-25 | 1 | -180/+271 |
* | o Modify access control checks in p_candebug() such that the policy is as | Robert Watson | 2001-05-17 | 1 | -3/+3 |
* | Undo part of the tangle of having sys/lock.h and sys/mutex.h included in | Mark Murray | 2001-05-01 | 1 | -2/+3 |
* | o Remove the disabled p_cansched() test cases that permitted users to | Robert Watson | 2001-04-27 | 1 | -11/+0 |
* | Change the pfind() and zpfind() functions to lock the process that they | John Baldwin | 2001-04-24 | 1 | -25/+47 |
* | o Remove comment indicating policy permits loop-back debugging, but | Robert Watson | 2001-04-21 | 1 | -1/+0 |
* | Add a sanity check on ucred refcount. | Alfred Perlstein | 2001-04-17 | 1 | -0/+1 |
* | o Since uid checks in p_cansignal() are now identical between P_SUGID | Robert Watson | 2001-04-13 | 1 | -28/+14 |
* | o Disallow two "allow this" exceptions in p_cansignal() restricting | Robert Watson | 2001-04-13 | 1 | -5/+3 |
* | o Disable two "allow this" exceptions in p_cansched()m retricting the | Robert Watson | 2001-04-12 | 1 | -1/+4 |
* | o Reduce information leakage into jails by adding invocations of | Robert Watson | 2001-04-12 | 1 | -0/+9 |