cvs commit: src/sys/kern kern_prot.c src/sys/security/mac
mac_process.c src/sys/security/mac_stub mac_stub.c
src/sys/security/mac_test mac_test.c src/sys/sys mac.h
mac_policy.h
Robert Watson
rwatson at FreeBSD.org
Sat Apr 16 06:29:15 PDT 2005
rwatson 2005-04-16 13:29:15 UTC
FreeBSD src repository
Modified files:
sys/kern kern_prot.c
sys/security/mac mac_process.c
sys/security/mac_stub mac_stub.c
sys/security/mac_test mac_test.c
sys/sys mac.h mac_policy.h
Log:
Introduce new MAC Framework and MAC Policy entry points to control the use
of system calls to manipulate elements of the process credential,
including:
setuid() mac_check_proc_setuid()
seteuid() mac_check_proc_seteuid()
setgid() mac_check_proc_setgid()
setegid() mac_check_proc_setegid()
setgroups() mac_check_proc_setgroups()
setreuid() mac_check_proc_setreuid()
setregid() mac_check_proc_setregid()
setresuid() mac_check_proc_setresuid()
setresgid() mac_check_rpoc_setresgid()
MAC checks are performed before other existing security checks; both
current credential and intended modifications are passed as arguments
to the entry points. The mac_test and mac_stub policies are updated.
Submitted by: Samy Al Bahra <samy at kerneled.org>
Obtained from: TrustedBSD Project
Revision Changes Path
1.199 +137 -53 src/sys/kern/kern_prot.c
1.107 +137 -0 src/sys/security/mac/mac_process.c
1.46 +75 -0 src/sys/security/mac_stub/mac_stub.c
1.55 +93 -0 src/sys/security/mac_test/mac_test.c
1.61 +18 -0 src/sys/sys/mac.h
1.60 +14 -0 src/sys/sys/mac_policy.h
More information about the cvs-src
mailing list