Re: svn commit: r335402 - head/sbin/veriexecctl

2018-06-20 Thread Jonathan Anderson
On 20 Jun 2018, at 15:32, Jonathan T. Looney wrote: On Wed, Jun 20, 2018 at 9:49 AM Stephen Kiernan wrote: And I was working on those sets of changes, when work and family didn't steal away time. I was told that some discussion happened at BSDCan this year in such that veriexec should go in

Re: svn commit: r334931 - in head: . sys/sys

2018-06-10 Thread Jonathan Anderson
sys/capability.h after... maybe the 12-STABLE branch? Jon -- Jonathan Anderson jonat...@freebsd.org ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-uns

Re: svn commit: r328593 - head/release/scripts

2018-01-31 Thread Jonathan Anderson
packages, etc. Jon -- Jonathan Anderson jonat...@freebsd.org

svn commit: r324712 - head/share/mk

2017-10-17 Thread Jonathan Anderson
Author: jonathan Date: Wed Oct 18 00:33:20 2017 New Revision: 324712 URL: https://svnweb.freebsd.org/changeset/base/324712 Log: Improve computation of {BC,LL}OBJS. Now that OBJS has grown an OBJS_SRCS_FILTER variable, use this variable in the computation of BCOBJS and LLOBJS too. Also

svn commit: r324711 - head/share/mk

2017-10-17 Thread Jonathan Anderson
Author: jonathan Date: Wed Oct 18 00:30:15 2017 New Revision: 324711 URL: https://svnweb.freebsd.org/changeset/base/324711 Log: Improve logic of CLEANFILES+=${PROG_FULL}.{bc,ll}. The build rule describing how to create ${PROG_FULL}.{bc,ll} is only dependent on LLVM_LINK being defined,

svn commit: r324695 - head/share/mk

2017-10-17 Thread Jonathan Anderson
Author: jonathan Date: Tue Oct 17 16:29:50 2017 New Revision: 324695 URL: https://svnweb.freebsd.org/changeset/base/324695 Log: Add LLVM IR libraries to CLEANFILES. We previously taught the build system how to create files like libfoo.bc, but neglected to teach it about cleaning such

svn commit: r323365 - in head: cddl/lib/libzpool gnu/usr.bin/binutils/libbfd usr.bin/svn/lib/libsvn_client

2017-09-09 Thread Jonathan Anderson
Author: jonathan Date: Sat Sep 9 13:18:32 2017 New Revision: 323365 URL: https://svnweb.freebsd.org/changeset/base/323365 Log: Remove redundant source and object files. Reviewed by: bdrewery, ngie MFC after:1 week Sponsored by: DARPA, AFRL Differential Revision:

svn commit: r322314 - head/usr.bin/calendar/calendars

2017-08-09 Thread Jonathan Anderson
tates, 1980 +03/26 Jonathan Anderson <jonat...@freebsd.org> born in Ottawa, Ontario, Canada, 1983 03/27 Josef El-Rayes <jo...@freebsd.org> born in Linz, Austria, 1982 03/28 Sean C. Farley <s...@freebsd.org> born in Indianapolis, Indiana, United States, 1970 03/29 Thier

Re: svn commit: r318431 - head/libexec/rtld-elf

2017-05-18 Thread Jonathan Anderson
On 05/18/17 04:13, Baptiste Daroussin wrote: On Wed, May 17, 2017 at 10:51:28PM +, Jonathan Anderson wrote: +void print_usage(const char *argv0) Style(9) bug :) Duly noted. :) It looks like kib@ has already sorted this out in his timezone. Jon -- jonat...@freebsd.org

svn commit: r318432 - head/libexec/rtld-elf

2017-05-17 Thread Jonathan Anderson
Author: jonathan Date: Thu May 18 00:32:05 2017 New Revision: 318432 URL: https://svnweb.freebsd.org/changeset/base/318432 Log: Fix some nroff syntax in rtld.1. When I originally documented the LD_LIBRARY_PATH_FDS environment variable, I used `.Ev` rather than `.It Ev` to introduce it;

svn commit: r318431 - head/libexec/rtld-elf

2017-05-17 Thread Jonathan Anderson
Author: jonathan Date: Wed May 17 22:51:28 2017 New Revision: 318431 URL: https://svnweb.freebsd.org/changeset/base/318431 Log: Allow rtld direct-exec to take a file descriptor. When executing rtld directly, allow a file descriptor to be explicitly specified rather than opened from the

svn commit: r318352 - head/libexec/rtld-elf

2017-05-16 Thread Jonathan Anderson
Author: jonathan Date: Tue May 16 13:27:44 2017 New Revision: 318352 URL: https://svnweb.freebsd.org/changeset/base/318352 Log: Rename rtld's parse_libdir to parse_integer. This is a more accurate name, as the integer doesn't have to be a library directory descriptor. It is also a

Re: svn commit: r318313 - head/libexec/rtld-elf

2017-05-15 Thread Jonathan Anderson
On 15 May 2017, at 16:44, Jonathan Anderson wrote: You can already execute "non-executable" binaries using the `exec` shell built-in: ``` $ cp /bin/sh . $ chmod -x sh $ exec sh ``` Er, oops: I ought to have said, you can execute non-executable binaries by copying and markin

Re: svn commit: r318313 - head/libexec/rtld-elf

2017-05-15 Thread Jonathan Anderson
to execute a binary even if the sysadmin had set it to -x specifically to prevent people from running it. You can already execute "non-executable" binaries using the `exec` shell built-in: ``` $ cp /bin/sh . $ chmod -x sh $ exec sh ``` Jon -- Jonathan Anderson jonat...@f

Re: svn commit: r308181 - in head: . share/mk

2016-11-02 Thread Jonathan Anderson
es (vs the sys.mk changes that affect everybody). Jon -- Jonathan Anderson jonat...@freebsd.org

Re: svn commit: r308181 - in head: . share/mk

2016-11-02 Thread Jonathan Anderson
xes should already be included because of bsd.suffixes-posix.mk (included from sys.mk). This SUFFIXES change, on the other hand, is to add the .ll and .bc suffixes for the final build products (IR "binaries" and "libraries"). I hope this clears up any confusion, Jon -- Jonathan Anderson jonat...@freebsd.org

svn commit: r308181 - in head: . share/mk

2016-11-01 Thread Jonathan Anderson
Author: jonathan Date: Tue Nov 1 21:27:42 2016 New Revision: 308181 URL: https://svnweb.freebsd.org/changeset/base/308181 Log: Add rules to build LLVM IR binaries and libraries. Running `make libfoo.ll` or `make libfoo.bc` within a library directory will now give us an LLVM IR version

svn commit: r307676 - head/share/mk

2016-10-20 Thread Jonathan Anderson
Author: jonathan Date: Thu Oct 20 15:14:21 2016 New Revision: 307676 URL: https://svnweb.freebsd.org/changeset/base/307676 Log: Add make rules to build LLVM IR from C/C++ sources. As a foundation for future work with LLVM's Intermediate Representation (IR), add new suffix rules that can

svn commit: r307075 - head/share/mk

2016-10-11 Thread Jonathan Anderson
Author: jonathan Date: Wed Oct 12 00:42:46 2016 New Revision: 307075 URL: https://svnweb.freebsd.org/changeset/base/307075 Log: Extract suffix rules into bsd.suffixes[-posix].mk. Refactor make suffix rules into separate files (one for POSIX and one not), and rationalise the rules so that

Re: svn commit: r286170 - head/share/man/man9

2015-09-26 Thread Jonathan Anderson
> On Aug 4, 2015, at 8:18 AM, Hans Petter Selasky wrote: > > Wouldn't the argument be the same for queue.3 . Once C-compilers finally > decide to compile time support queues, we should throw queue.3 as well? Sure! Not right away, and not in a way that causes unnecessary

svn commit: r282906 - head/sys/kern

2015-05-14 Thread Jonathan Anderson
Author: jonathan Date: Thu May 14 15:14:03 2015 New Revision: 282906 URL: https://svnweb.freebsd.org/changeset/base/282906 Log: Allow sizeof(cpuset_t) to be queried in capability mode. This allows functions that retrieve and inspect pthread_attr_t objects to work correctly: querying the

svn commit: r267678 - head/libexec/rtld-elf

2014-06-20 Thread Jonathan Anderson
Author: jonathan Date: Fri Jun 20 17:08:32 2014 New Revision: 267678 URL: http://svnweb.freebsd.org/changeset/base/267678 Log: Add the LD_LIBRARY_PATH_FDS environmental variable. This variable allows the loading of shared libraries via directory descriptors rather than via library paths.

svn commit: r267679 - in head: etc/mtree libexec/rtld-elf libexec/rtld-elf/tests libexec/rtld-elf/tests/libpythagoras libexec/rtld-elf/tests/target

2014-06-20 Thread Jonathan Anderson
/rtld-elf/tests/ld_library_pathfds.cFri Jun 20 17:14:59 2014(r267679) @@ -0,0 +1,220 @@ +/*- + * Copyright 2014 Jonathan Anderson. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following

svn commit: r262166 - head/sys/sys

2014-02-18 Thread Jonathan Anderson
Author: jonathan Date: Tue Feb 18 14:54:56 2014 New Revision: 262166 URL: http://svnweb.freebsd.org/changeset/base/262166 Log: Add more __BEGIN_DECLS / __END_DECLS to sys/capability.h. capability.h currently only wraps some of its declarations in __BEGIN_DECLS/__END_DECLS, so cap_enter(),

svn commit: r226098 - head/sys/kern

2011-10-07 Thread Jonathan Anderson
Author: jonathan Date: Fri Oct 7 09:51:12 2011 New Revision: 226098 URL: http://svn.freebsd.org/changeset/base/226098 Log: Change one printf() to log(). As noted in kern/159780, printf() is not very jail-friendly, since it can't be easily monitored by jail management tools. This patch

svn commit: r224987 - in head: lib/libc/sys sys/compat/linux sys/conf sys/kern sys/sys

2011-08-18 Thread Jonathan Anderson
was developed as part of the +.Tn TrustedBSD +Project. +.Sh AUTHORS +.An -nosplit +These functions and the capability facility were created by +.An Robert N. M. Watson Aq rwat...@freebsd.org +and +.An Jonathan Anderson Aq jonat...@freebsd.org +at the University of Cambridge Computer Laboratory with support

svn commit: r224988 - in head/sys: kern sys

2011-08-18 Thread Jonathan Anderson
Author: jonathan Date: Thu Aug 18 23:08:52 2011 New Revision: 224988 URL: http://svn.freebsd.org/changeset/base/224988 Log: Auto-generated system call code based on r224987. Approved by: re (implicit) Modified: head/sys/kern/init_sysent.c head/sys/kern/syscalls.c

svn commit: r224989 - head/tools/regression/security/cap_test

2011-08-18 Thread Jonathan Anderson
. M. Watson + * Copyright (c) 2011 Jonathan Anderson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above

svn commit: r224910 - in head: sys/kern tools/regression/security/cap_test

2011-08-16 Thread Jonathan Anderson
Author: jonathan Date: Tue Aug 16 14:14:56 2011 New Revision: 224910 URL: http://svn.freebsd.org/changeset/base/224910 Log: poll(2) implementation for capabilities. When calling poll(2) on a capability, unwrap first and then poll the underlying object. Approved by: re (kib), mentor

Re: svn commit: r224778 - in head: sys/amd64/linux32 sys/cddl/compat/opensolaris/sys sys/compat/freebsd32 sys/compat/linux sys/compat/svr4 sys/dev/aac sys/dev/amr sys/dev/hwpmc sys/dev/ipmi sys/dev/is

2011-08-16 Thread Jonathan Anderson
= fget(td, sockarg.sock, CAP_SOCK_ALL, fp)) != 0)                        goto out; -                       return (error);                if (fp-f_type != DTYPE_SOCKET) {                        fdrop(fp, td);                        error = EPERM; %%% -- Jaakko -- Jonathan Anderson jonat
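Review bot: the deleted `return (error);` in this fragment sits directly after `goto out;`, so it was unreachable dead code left behind when r224086 moved nfssvc_nfsd() to goto-out error handling, and removing it is the correct resolution (the thread confirms it was a merge conflict, fixed in r224911). The `fp-f_type` in the context line reads as `fp->f_type` with the arrow lost in extraction rather than part of the change.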

svn commit: r224911 - head/sys/fs/nfsserver

2011-08-16 Thread Jonathan Anderson
Author: jonathan Date: Tue Aug 16 14:23:16 2011 New Revision: 224911 URL: http://svn.freebsd.org/changeset/base/224911 Log: Fix a merge conflict. r224086 added goto out-style error handling to nfssvc_nfsd(), in order to reliably call NFSEXITCODE() before returning. Our Capsicum changes,

Re: svn commit: r224778 - in head: sys/amd64/linux32 sys/cddl/compat/opensolaris/sys sys/compat/freebsd32 sys/compat/linux sys/compat/svr4 sys/dev/aac sys/dev/amr sys/dev/hwpmc sys/dev/ipmi sys/dev/is

2011-08-16 Thread Jonathan Anderson
Fixed in r224911. Jon On 16 August 2011 14:57, Jonathan Anderson jonat...@freebsd.org wrote: It looks like r224086 added goto out error handling, so our return (error) seems to be a merge conflict. Sorry, I'll ask RE if I can fix that right now. Jon On 16 August 2011 13:29, Jaakko

svn commit: r224810 - in head/sys: kern sys

2011-08-13 Thread Jonathan Anderson
Author: jonathan Date: Sat Aug 13 09:21:16 2011 New Revision: 224810 URL: http://svn.freebsd.org/changeset/base/224810 Log: Allow Capsicum capabilities to delegate constrained access to file system subtrees to sandboxed processes. - Use of absolute paths and '..' are limited in

svn commit: r224812 - head/sys/kern

2011-08-13 Thread Jonathan Anderson
Author: jonathan Date: Sat Aug 13 10:43:21 2011 New Revision: 224812 URL: http://svn.freebsd.org/changeset/base/224812 Log: Allow openat(2), fstatat(2), etc. in capability mode. namei() and lookup() can now perform strictly relative lookups. Such lookups, performed when in capability

svn commit: r224797 - in head: sys/kern sys/sys tools/regression/security/cap_test

2011-08-12 Thread Jonathan Anderson
Author: jonathan Date: Fri Aug 12 14:26:47 2011 New Revision: 224797 URL: http://svn.freebsd.org/changeset/base/224797 Log: Rename CAP_*_KEVENT to CAP_*_EVENT. Change the names of a couple of capability rights to be less FreeBSD-specific. Approved by: re (kib), mentor (rwatson)

svn commit: r224781 - head/sys/kern

2011-08-11 Thread Jonathan Anderson
Author: jonathan Date: Thu Aug 11 13:29:59 2011 New Revision: 224781 URL: http://svn.freebsd.org/changeset/base/224781 Log: Only call fdclose() on successfully-opened FDs. Since kern_openat() now uses falloc_noinstall() and finstall() separately, there are cases where we could get to

svn commit: r224784 - head/tools/regression/security/cap_test

2011-08-11 Thread Jonathan Anderson
Author: jonathan Date: Thu Aug 11 15:52:06 2011 New Revision: 224784 URL: http://svn.freebsd.org/changeset/base/224784 Log: Use the right printf() format string without a cast to maxint_t. As per kib's suggestion, we also change test_count from a size_t to an int; its value at the moment

svn commit: r224721 - head/sys/sys

2011-08-08 Thread Jonathan Anderson
Author: jonathan Date: Mon Aug 8 20:36:52 2011 New Revision: 224721 URL: http://svn.freebsd.org/changeset/base/224721 Log: Create timeval2timespec() and timespec2timeval(). These functions will be used by process descriptors to convert process creation time into process descriptor

svn commit: r224660 - head/tools/regression/security/cap_test

2011-08-05 Thread Jonathan Anderson
Author: jonathan Date: Fri Aug 5 17:43:11 2011 New Revision: 224660 URL: http://svn.freebsd.org/changeset/base/224660 Log: Expect fchflags(2) to fail with EOPNOTSUPP on NFS. Even if we have CAP_FCHFLAGS, fchflags(2) fails on NFS. This is normal and expected, so don't fail the test

svn commit: r224651 - head/tools/regression/security/cap_test

2011-08-04 Thread Jonathan Anderson
/cap_test/cap_test.c Thu Aug 4 14:18:09 2011(r224650) +++ head/tools/regression/security/cap_test/cap_test.c Thu Aug 4 14:20:13 2011(r224651) @@ -1,5 +1,6 @@ /*- * Copyright (c) 2008-2011 Robert N. M. Watson + * Copyright (c) 2011 Jonathan Anderson * All rights reserved

svn commit: r224268 - head/sys/kern

2011-07-22 Thread Jonathan Anderson
Author: jonathan Date: Fri Jul 22 12:50:21 2011 New Revision: 224268 URL: http://svn.freebsd.org/changeset/base/224268 Log: Turn on AUDIT_ARG_RIGHTS() for cap_new(2). Now that the code is in place to audit capability method rights, start using it to audit the 'rights' argument to

svn commit: r224255 - head/sys/sys

2011-07-21 Thread Jonathan Anderson
Author: jonathan Date: Thu Jul 21 21:08:33 2011 New Revision: 224255 URL: http://svn.freebsd.org/changeset/base/224255 Log: Declare more capability method rights. This is a complete set of rights that can be held in a capability's rights mask. Approved by: re (kib), mentor (rwatson)

svn commit: r224225 - in head/sys: kern sys

2011-07-20 Thread Jonathan Anderson
Author: jonathan Date: Wed Jul 20 09:53:35 2011 New Revision: 224225 URL: http://svn.freebsd.org/changeset/base/224225 Log: Export capability information via sysctls. When reporting on a capability, flag the fact that it is a capability, but also unwrap to report all of the usual

svn commit: r224227 - head/lib/libc/sys

2011-07-20 Thread Jonathan Anderson
Author: jonathan Date: Wed Jul 20 13:29:39 2011 New Revision: 224227 URL: http://svn.freebsd.org/changeset/base/224227 Log: Add cap_new(2) and cap_getrights(2) symbols to libc. These system calls have already been implemented in the kernel; now we hook up libc symbols so userspace can

svn commit: r224181 - head/sys/security/audit

2011-07-18 Thread Jonathan Anderson
Author: jonathan Date: Mon Jul 18 12:58:18 2011 New Revision: 224181 URL: http://svn.freebsd.org/changeset/base/224181 Log: Provide ability to audit cap_rights_t arguments. We wish to be able to audit capability rights arguments; this code provides the necessary infrastructure. This

svn commit: r224056 - in head/sys: kern sys

2011-07-15 Thread Jonathan Anderson
Author: jonathan Date: Fri Jul 15 09:37:14 2011 New Revision: 224056 URL: http://svn.freebsd.org/changeset/base/224056 Log: Add implementation for capabilities. Code to actually implement Capsicum capabilities, including fileops and kern_capwrap(), which creates a capability to wrap an

svn commit: r224066 - in head/sys: compat/freebsd32 kern sys

2011-07-15 Thread Jonathan Anderson
Author: jonathan Date: Fri Jul 15 18:26:19 2011 New Revision: 224066 URL: http://svn.freebsd.org/changeset/base/224066 Log: Add cap_new() and cap_getrights() system calls. Implement two previously-reserved Capsicum system calls: - cap_new() creates a capability to wrap an existing file

svn commit: r223865 - head/tools/regression/kqueue

2011-07-08 Thread Jonathan Anderson
Author: jonathan Date: Fri Jul 8 12:16:30 2011 New Revision: 223865 URL: http://svn.freebsd.org/changeset/base/223865 Log: Clarify the meaning of a test. Rather than using err() if either of two failure conditions fires (which can produce spurious error messages), just use errx() if

svn commit: r223866 - head/sys/kern

2011-07-08 Thread Jonathan Anderson
Author: jonathan Date: Fri Jul 8 12:19:25 2011 New Revision: 223866 URL: http://svn.freebsd.org/changeset/base/223866 Log: Fix the passability test in fdcopy(). Rather than checking to see if a descriptor is a kqueue, check to see if its fileops flags include DFLAG_PASSABLE. At the

svn commit: r223843 - head/sys/fs/smbfs

2011-07-07 Thread Jonathan Anderson
Author: jonathan Date: Thu Jul 7 17:00:42 2011 New Revision: 223843 URL: http://svn.freebsd.org/changeset/base/223843 Log: Make a comment more accurate. This comment refers to CAP_NT_SMBS, which does not exist; it should refer to SMB_CAP_NT_SMBS. Fixing this comment makes it easier for

svn commit: r223845 - head/tools/regression/kqueue

2011-07-07 Thread Jonathan Anderson
Author: jonathan Date: Thu Jul 7 18:07:03 2011 New Revision: 223845 URL: http://svn.freebsd.org/changeset/base/223845 Log: Ensure that kqueue is not inherited across fork(). Modify the existing unit test (from libkqueue) which already exercises process events via fork() and kill().

svn commit: r223785 - in head/sys: kern sys

2011-07-05 Thread Jonathan Anderson
Author: jonathan Date: Tue Jul 5 13:45:10 2011 New Revision: 223785 URL: http://svn.freebsd.org/changeset/base/223785 Log: Rework _fget to accept capability parameters. This new version of _fget() requires new parameters: - cap_rights_t needrights the rights that we expect the

svn commit: r223762 - in head/sys: kern sys

2011-07-04 Thread Jonathan Anderson
Author: jonathan Date: Mon Jul 4 14:40:32 2011 New Revision: 223762 URL: http://svn.freebsd.org/changeset/base/223762 Log: Add kernel functions to unwrap capabilities. cap_funwrap() and cap_funwrap_mmap() unwrap capabilities, exposing the underlying object. Attempting to unwrap a

svn commit: r223723 - head/sys/conf

2011-07-02 Thread Jonathan Anderson
Author: jonathan Date: Sat Jul 2 15:41:22 2011 New Revision: 223723 URL: http://svn.freebsd.org/changeset/base/223723 Log: Define the CAPABILITIES kernel option. This option will enable Capsicum capabilities, which provide a fine-grained mask on operations that can be performed on file

svn commit: r223710 - head/sys/sys

2011-07-01 Thread Jonathan Anderson
Author: jonathan Date: Fri Jul 1 12:13:48 2011 New Revision: 223710 URL: http://svn.freebsd.org/changeset/base/223710 Log: Define cap_rights_t and DTYPE_CAPABILITY, which are required to implement Capsicum capabilities. Approved by: mentor (rwatson), re (bz) Modified:

svn commit: r223668 - in head/sys: amd64/amd64 arm/arm conf i386/i386 kern

2011-06-29 Thread Jonathan Anderson
Author: jonathan Date: Wed Jun 29 13:03:05 2011 New Revision: 223668 URL: http://svn.freebsd.org/changeset/base/223668 Log: We may split today's CAPABILITIES into CAPABILITY_MODE (which has to do with global namespaces) and CAPABILITIES (which has to do with constraining file descriptors).

svn commit: r223533 - head/sys/kern

2011-06-25 Thread Jonathan Anderson
Author: jonathan Date: Sat Jun 25 12:37:06 2011 New Revision: 223533 URL: http://svn.freebsd.org/changeset/base/223533 Log: Remove redundant Capsicum sysctl. Since we're now declaring FEATURE(security_capabilities), there's no need for an explicit SYSCTL_NODE. Approved by: rwatson

svn commit: r223505 - head/sys/kern

2011-06-24 Thread Jonathan Anderson
Author: jonathan Date: Fri Jun 24 14:40:22 2011 New Revision: 223505 URL: http://svn.freebsd.org/changeset/base/223505 Log: Tidy up a capabilities-related comment. This comment refers to an #ifdef that hasn't been merged [yet?]; remove it. Approved by: rwatson Modified:

svn commit: r213532 - head/share/misc

2010-10-07 Thread Jonathan Anderson
joe [label=Josef karthauser\n...@freebsd.org\n1999/10/22] joerg [label=Joerg wunsch\njo...@freebsd.org\n1993/11/14] jon [label=Jonathan chen\n...@freebsd.org\n2000/10/17] +jonathan [label=Jonathan anderson\njonat...@freebsd.org\n2010/10/07] julian [label=Julian elischer\njul...@freebsd.org\n1993