From owner-cvs-all Wed Apr 11 14: 0:46 2001 Delivered-To: cvs-all@freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id C3EAD37B443; Wed, 11 Apr 2001 13:59:42 -0700 (PDT) (envelope-from rwatson@FreeBSD.org) Received: (from rwatson@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f3BKKfk17175; Wed, 11 Apr 2001 13:20:41 -0700 (PDT) (envelope-from rwatson) Message-Id: <200104112020.f3BKKfk17175@freefall.freebsd.org> From: Robert Watson Date: Wed, 11 Apr 2001 13:20:41 -0700 (PDT) To: cvs-committers@freebsd.org, cvs-all@freebsd.org Subject: cvs commit: src/sys/kern syscalls.master kern_prot.c X-FreeBSD-CVS-Branch: HEAD Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG rwatson 2001/04/11 13:20:41 PDT Modified files: sys/kern syscalls.master kern_prot.c Log: o Introduce a new system call, __setsugid(), which allows a process to toggle the P_SUGID bit explicitly, rather than relying on it being set implicitly by other protection and credential logic. This feature is introduced to support inter-process authorization regression testing by simplifying userland credential management allowing the easy isolation and reproduction of authorization events with specific security contexts. This feature is enabled only by "options REGRESSION" and is not intended to be used by applications. While the feature is not known to introduce security vulnerabilities, it does allow processes to enter previously inaccessible parts of the credential state machine, and is therefore disabled by default. It may not constitute a risk, and therefore in the future pending further analysis (and appropriate need) may become a published interface. Obtained from: TrustedBSD Project Revision Changes Path 1.88 +2 -1 src/sys/kern/syscalls.master 1.79 +24 -1 src/sys/kern/kern_prot.c To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message