Date: Wed, 11 Apr 2001 13:20:41 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: cvs-committers@freebsd.org, cvs-all@freebsd.org Subject: cvs commit: src/sys/kern syscalls.master kern_prot.c Message-ID: <200104112020.f3BKKfk17175@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2001/04/11 13:20:41 PDT
Modified files:
sys/kern syscalls.master kern_prot.c
Log:
o Introduce a new system call, __setsugid(), which allows a process to
toggle the P_SUGID bit explicitly, rather than relying on it being
set implicitly by other protection and credential logic. This feature
is introduced to support inter-process authorization regression testing
by simplifying userland credential management allowing the easy
isolation and reproduction of authorization events with specific
security contexts. This feature is enabled only by "options REGRESSION"
and is not intended to be used by applications. While the feature is
not known to introduce security vulnerabilities, it does allow
processes to enter previously inaccessible parts of the credential
state machine, and is therefore disabled by default. It may not
constitute a risk, and therefore in the future pending further analysis
(and appropriate need) may become a published interface.
Obtained from: TrustedBSD Project
Revision Changes Path
1.88 +2 -1 src/sys/kern/syscalls.master
1.79 +24 -1 src/sys/kern/kern_prot.c
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200104112020.f3BKKfk17175>