cvs commit: src/sys/kern kern_prot.c src/sys/security/mac mac_process.c src/sys/security/mac_stub mac_stub.c src/sys/security/mac_test mac_test.c src/sys/sys mac.h mac_policy.h

Robert Watson rwatson at FreeBSD.org
Sat Apr 16 06:29:15 PDT 2005


rwatson     2005-04-16 13:29:15 UTC

  FreeBSD src repository

  Modified files:
    sys/kern             kern_prot.c 
    sys/security/mac     mac_process.c 
    sys/security/mac_stub mac_stub.c 
    sys/security/mac_test mac_test.c 
    sys/sys              mac.h mac_policy.h 
  Log:
  Introduce new MAC Framework and MAC Policy entry points to control the use
  of system calls to manipulate elements of the process credential,
  including:
  
          setuid()                mac_check_proc_setuid()
          seteuid()               mac_check_proc_seteuid()
          setgid()                mac_check_proc_setgid()
          setegid()               mac_check_proc_setegid()
          setgroups()             mac_check_proc_setgroups()
          setreuid()              mac_check_proc_setreuid()
          setregid()              mac_check_proc_setregid()
          setresuid()             mac_check_proc_setresuid()
          setresgid()             mac_check_rpoc_setresgid()
  
  MAC checks are performed before other existing security checks; both
  current credential and intended modifications are passed as arguments
  to the entry points.  The mac_test and mac_stub policies are updated.
  
  Submitted by:   Samy Al Bahra <samy at kerneled.org>
  Obtained from:  TrustedBSD Project
  
  Revision  Changes    Path
  1.199     +137 -53   src/sys/kern/kern_prot.c
  1.107     +137 -0    src/sys/security/mac/mac_process.c
  1.46      +75 -0     src/sys/security/mac_stub/mac_stub.c
  1.55      +93 -0     src/sys/security/mac_test/mac_test.c
  1.61      +18 -0     src/sys/sys/mac.h
  1.60      +14 -0     src/sys/sys/mac_policy.h


More information about the cvs-src mailing list