![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / bin / systrace
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.28, Mon Apr 25 19:09:25 2016 UTC (8 years, 1 month ago) by tedu
Branch: MAIN
CVS Tags: HEAD
Changes since 1.27: +1 -1 lines
FILE REMOVED
boom goes the dynamite
Revision 1.27 / (download) - annotate - [select for diffs], Fri Jan 16 00:19:12 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE,
OPENBSD_5_9,
OPENBSD_5_8_BASE,
OPENBSD_5_8,
OPENBSD_5_7_BASE,
OPENBSD_5_7
Changes since 1.26: +3 -3 lines
Diff to previous 1.26 (colored)
move to PATH_MAX, etc; normalize includes for life in the <limits.h> universe ok guenther millert
Revision 1.26 / (download) - annotate - [select for diffs], Thu Aug 23 00:08:36 2012 UTC (11 years, 9 months ago) by guenther
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE,
OPENBSD_5_6,
OPENBSD_5_5_BASE,
OPENBSD_5_5,
OPENBSD_5_4_BASE,
OPENBSD_5_4,
OPENBSD_5_3_BASE,
OPENBSD_5_3
Changes since 1.25: +2 -2 lines
Diff to previous 1.25 (colored)
Reopen the systrace file in the process that will actually attach to the target process(es), so that systrace files can be made unsharable. ok djm@
Revision 1.25 / (download) - annotate - [select for diffs], Sun Sep 18 23:24:14 2011 UTC (12 years, 8 months ago) by matthew
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE,
OPENBSD_5_2,
OPENBSD_5_1_BASE,
OPENBSD_5_1
Changes since 1.24: +10 -2 lines
Diff to previous 1.24 (colored)
Add support for *at(2) system calls to systrace(1). ok deraadt@, sthen@, jasper@
Revision 1.24 / (download) - annotate - [select for diffs], Sun Jul 2 12:34:15 2006 UTC (17 years, 11 months ago) by sturm
Branch: MAIN
CVS Tags: OPENBSD_5_0_BASE,
OPENBSD_5_0,
OPENBSD_4_9_BASE,
OPENBSD_4_9,
OPENBSD_4_8_BASE,
OPENBSD_4_8,
OPENBSD_4_7_BASE,
OPENBSD_4_7,
OPENBSD_4_6_BASE,
OPENBSD_4_6,
OPENBSD_4_5_BASE,
OPENBSD_4_5,
OPENBSD_4_4_BASE,
OPENBSD_4_4,
OPENBSD_4_3_BASE,
OPENBSD_4_3,
OPENBSD_4_2_BASE,
OPENBSD_4_2,
OPENBSD_4_1_BASE,
OPENBSD_4_1,
OPENBSD_4_0_BASE,
OPENBSD_4_0
Changes since 1.23: +9 -5 lines
Diff to previous 1.23 (colored)
sync with systrace 1.6d, keeping local changes tests and feedback by a few
Revision 1.23 / (download) - annotate - [select for diffs], Sat Jun 10 07:19:13 2006 UTC (18 years ago) by sturm
Branch: MAIN
Changes since 1.22: +2 -1 lines
Diff to previous 1.22 (colored)
add a translation for sendmsg() from provos, with feedback from ray and pat
Revision 1.22 / (download) - annotate - [select for diffs], Tue May 2 19:49:05 2006 UTC (18 years, 1 month ago) by sturm
Branch: MAIN
Changes since 1.21: +3 -3 lines
Diff to previous 1.21 (colored)
some type cleanup with feedback from kettenis
Revision 1.21 / (download) - annotate - [select for diffs], Wed Jul 7 07:31:40 2004 UTC (19 years, 11 months ago) by marius
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE,
OPENBSD_3_9,
OPENBSD_3_8_BASE,
OPENBSD_3_8,
OPENBSD_3_7_BASE,
OPENBSD_3_7,
OPENBSD_3_6_BASE,
OPENBSD_3_6
Changes since 1.20: +3 -2 lines
Diff to previous 1.20 (colored)
fix an issue when scripts are exec'd under systrace where the argv[0] would be normalized, and hence break scripts that depend on how they were called. this fixes an issue in the ports builds. ok provos@ deraadt@; lots of testing during hackathon sturm@ naddy@
Revision 1.20 / (download) - annotate - [select for diffs], Wed Jun 23 05:16:35 2004 UTC (19 years, 11 months ago) by marius
Branch: MAIN
Changes since 1.19: +3 -1 lines
Diff to previous 1.19 (colored)
a few fixes to systrace - add an exec message so that whenever a set-uid/gid process exec's a new image which we may control, the exec does not go by unnoticed. - take special care to check for P_SUGIDEXEC as well as P_SUGID, corresponding to the same changes that were made in the ptrace code a while ago ok niels@, sturm@; thanks to naddy for testing
Revision 1.19 / (download) - annotate - [select for diffs], Wed Oct 8 16:32:44 2003 UTC (20 years, 8 months ago) by sturm
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE,
OPENBSD_3_5
Changes since 1.18: +9 -5 lines
Diff to previous 1.18 (colored)
originally from cb@openbsd.org, adapted by provos itojun@ ok fix a race condition between path resolution in userland and the subsequent namei(): inform the kernel portion of valid filenames and then disallow symlink lookups for those filenames by means of a hook in namei(). with suggestions from provos@ also, add (currently unused) seqnr field to struct systrace_replace, from provos@
Revision 1.18 / (download) - annotate - [select for diffs], Mon Aug 4 18:15:11 2003 UTC (20 years, 10 months ago) by sturm
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE,
OPENBSD_3_4
Changes since 1.17: +2 -2 lines
Diff to previous 1.17 (colored)
several diffs from Niels as applied to NetBSD monkey.org/NetBSD commit messages: - get rid of retarded CWD handling. CWD is fixed to the CWD of the systrace that started everything. - normalize file name function - normalize CWD for cases where CWD has a symlink in it. should solve problems where CWD policies would not match. - avoid warning due to name collision. - fixed contrived race condition during attachment; from marius@monkey.org itojun@ ok
Revision 1.17 / (download) - annotate - [select for diffs], Mon Jun 16 06:36:40 2003 UTC (21 years ago) by itojun
Branch: MAIN
Changes since 1.16: +3 -1 lines
Diff to previous 1.16 (colored)
- limited number of processes per systrace - escape fixes for special characters markus, sturm ok. from provos
Revision 1.16 / (download) - annotate - [select for diffs], Thu Feb 20 22:03:31 2003 UTC (21 years, 3 months ago) by art
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE,
OPENBSD_3_3
Changes since 1.15: +2 -1 lines
Diff to previous 1.15 (colored)
Fix a crash in the systrace found by form@ One is a kernel fix that changes the lockin and one is a userland fix that prevents dereferencing a freed pointer. From provos deraadt@ ok
Revision 1.15 / (download) - annotate - [select for diffs], Mon Dec 9 07:22:53 2002 UTC (21 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.14: +3 -1 lines
Diff to previous 1.14 (colored)
prevent the use of permit for aliases. from provos
Revision 1.14 / (download) - annotate - [select for diffs], Tue Nov 26 03:48:07 2002 UTC (21 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 (colored)
performance improvement by omitting a redundant getcwd. from provos
Revision 1.13 / (download) - annotate - [select for diffs], Wed Oct 16 15:01:08 2002 UTC (21 years, 7 months ago) by itojun
Branch: MAIN
Changes since 1.12: +16 -4 lines
Diff to previous 1.12 (colored)
support for privilege elevation. with privilege elevation no suid or sgid binaries are necessary any longer. Applications can be executed completely unprivileged. Systrace raises the privileges for a single system call depending on the configured policy. Idea from discussions with Perry Metzger, Dug Song and Marcus Watts. from provos
Revision 1.12 / (download) - annotate - [select for diffs], Wed Oct 9 03:52:10 2002 UTC (21 years, 8 months ago) by itojun
Branch: MAIN
Changes since 1.11: +8 -5 lines
Diff to previous 1.11 (colored)
predicates are part of the grammar now; in non-root case, predicates are evaluated only once; in root case, predicates and variable expansion are dynamic. from provos
Revision 1.11 / (download) - annotate - [select for diffs], Sun Aug 4 04:15:50 2002 UTC (21 years, 10 months ago) by provos
Branch: MAIN
CVS Tags: OPENBSD_3_2_BASE,
OPENBSD_3_2
Changes since 1.10: +2 -1 lines
Diff to previous 1.10 (colored)
keep track of ppid and allow matching rules to be logged via syslog.
Revision 1.10 / (download) - annotate - [select for diffs], Thu Aug 1 20:16:45 2002 UTC (21 years, 10 months ago) by provos
Branch: MAIN
Changes since 1.9: +6 -1 lines
Diff to previous 1.9 (colored)
the last component in a filename for unlink may be a symlink
Revision 1.9 / (download) - annotate - [select for diffs], Mon Jul 22 04:02:39 2002 UTC (21 years, 10 months ago) by provos
Branch: MAIN
Changes since 1.8: +6 -6 lines
Diff to previous 1.8 (colored)
add seqnr to message from kernel, userland needs to quote correct seqnr. avoids problems where tsleep has been interrupted by a signal.
Revision 1.8 / (download) - annotate - [select for diffs], Fri Jul 19 14:38:57 2002 UTC (21 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.7: +11 -6 lines
Diff to previous 1.7 (colored)
constify, have missing prototypes, use pedantic compilation options. niels ok
Revision 1.7 / (download) - annotate - [select for diffs], Tue Jul 16 01:22:48 2002 UTC (21 years, 11 months ago) by provos
Branch: MAIN
Changes since 1.6: +10 -3 lines
Diff to previous 1.6 (colored)
internal uid/gid tracking. permit can not detach systrace, useful for sshd.
Revision 1.6 / (download) - annotate - [select for diffs], Fri Jul 12 12:26:29 2002 UTC (21 years, 11 months ago) by provos
Branch: MAIN
Changes since 1.5: +2 -2 lines
Diff to previous 1.5 (colored)
some clean up. install argument replacements only if we are going to
permit the system call. translate some set[e]{g,u}id calls
Revision 1.5 / (download) - annotate - [select for diffs], Tue Jul 9 20:46:18 2002 UTC (21 years, 11 months ago) by provos
Branch: MAIN
Changes since 1.4: +2 -2 lines
Diff to previous 1.4 (colored)
allow systrace to run in the background if possible so that the executed process gets the terminal correctly and exit status reporting works; based on a diff from atatat@atatdot.net from netbsd.
Revision 1.4 / (download) - annotate - [select for diffs], Tue Jul 9 15:22:27 2002 UTC (21 years, 11 months ago) by provos
Branch: MAIN
Changes since 1.3: +3 -3 lines
Diff to previous 1.3 (colored)
support for system call aliasing. stat/fstat/readlink/access etc... gets grouped into fsread, unlink/rmdir/mkdir goes to fswrite. open switches back between fsread and fswrite depending on oflags parameter.
Revision 1.3 / (download) - annotate - [select for diffs], Fri Jun 21 15:26:06 2002 UTC (21 years, 11 months ago) by provos
Branch: MAIN
Changes since 1.2: +16 -2 lines
Diff to previous 1.2 (colored)
rewrite all system call arguments in the permit case. use realpath when we still have the root and we of the monitored process. this eliminates almost all race coniditions.
Revision 1.2 / (download) - annotate - [select for diffs], Mon Jun 10 19:16:26 2002 UTC (22 years ago) by provos
Branch: MAIN
Changes since 1.1: +3 -1 lines
Diff to previous 1.1 (colored)
support attaching to a running process; some code by fries@
Revision 1.1 / (download) - annotate - [select for diffs], Tue Jun 4 17:20:04 2002 UTC (22 years ago) by provos
Branch: MAIN
initial import of systrace. don't touch this, more stuff coming in a while