From owner-cvs-all@FreeBSD.ORG Sat Apr 16 13:29:15 2005 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BC21216A4CE; Sat, 16 Apr 2005 13:29:15 +0000 (GMT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9EFC643D2F; Sat, 16 Apr 2005 13:29:15 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j3GDTFag069894; Sat, 16 Apr 2005 13:29:15 GMT (envelope-from rwatson@repoman.freebsd.org) Received: (from rwatson@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j3GDTF7X069893; Sat, 16 Apr 2005 13:29:15 GMT (envelope-from rwatson) Message-Id: <200504161329.j3GDTF7X069893@repoman.freebsd.org> From: Robert Watson Date: Sat, 16 Apr 2005 13:29:15 +0000 (UTC) To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org X-FreeBSD-CVS-Branch: HEAD Subject: cvs commit: src/sys/kern kern_prot.c src/sys/security/mac mac_process.c src/sys/security/mac_stub mac_stub.c src/sys/security/mac_test mac_test.c src/sys/sys mac.h mac_policy.h X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Apr 2005 13:29:15 -0000 rwatson 2005-04-16 13:29:15 UTC FreeBSD src repository Modified files: sys/kern kern_prot.c sys/security/mac mac_process.c sys/security/mac_stub mac_stub.c sys/security/mac_test mac_test.c sys/sys mac.h mac_policy.h Log: Introduce new MAC Framework and MAC Policy entry points to control the use of system calls to manipulate elements of the process credential, including: setuid() mac_check_proc_setuid() seteuid() mac_check_proc_seteuid() setgid() mac_check_proc_setgid() setegid() mac_check_proc_setegid() setgroups() mac_check_proc_setgroups() setreuid() mac_check_proc_setreuid() setregid() mac_check_proc_setregid() setresuid() mac_check_proc_setresuid() setresgid() mac_check_rpoc_setresgid() MAC checks are performed before other existing security checks; both current credential and intended modifications are passed as arguments to the entry points. The mac_test and mac_stub policies are updated. Submitted by: Samy Al Bahra Obtained from: TrustedBSD Project Revision Changes Path 1.199 +137 -53 src/sys/kern/kern_prot.c 1.107 +137 -0 src/sys/security/mac/mac_process.c 1.46 +75 -0 src/sys/security/mac_stub/mac_stub.c 1.55 +93 -0 src/sys/security/mac_test/mac_test.c 1.61 +18 -0 src/sys/sys/mac.h 1.60 +14 -0 src/sys/sys/mac_policy.h