On 20 Jun 2018, at 15:32, Jonathan T. Looney wrote:
On Wed, Jun 20, 2018 at 9:49 AM Stephen Kiernan
wrote:
And I was working on those sets of changes, when work and family didn't
steal away time. I was told that some discussion happened at BSDCan this
year in such that veriexec should go in sys/capability.h after... maybe
the 12-STABLE branch?
Jon
--
Jonathan Anderson
jonat...@freebsd.org
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-uns
packages, etc.
Jon
--
Jonathan Anderson
jonat...@freebsd.org
Author: jonathan
Date: Wed Oct 18 00:33:20 2017
New Revision: 324712
URL: https://svnweb.freebsd.org/changeset/base/324712
Log:
Improve computation of {BC,LL}OBJS.
Now that OBJS has grown an OBJS_SRCS_FILTER variable, use this variable
in the computation of BCOBJS and LLOBJS too. Also
Author: jonathan
Date: Wed Oct 18 00:30:15 2017
New Revision: 324711
URL: https://svnweb.freebsd.org/changeset/base/324711
Log:
Improve logic of CLEANFILES+=${PROG_FULL}.{bc,ll}.
The build rule describing how to create ${PROG_FULL}.{bc,ll} is only
dependent on LLVM_LINK being defined,
Author: jonathan
Date: Tue Oct 17 16:29:50 2017
New Revision: 324695
URL: https://svnweb.freebsd.org/changeset/base/324695
Log:
Add LLVM IR libraries to CLEANFILES.
We previously taught the build system how to create files like libfoo.bc,
but neglected to teach it about cleaning such
Author: jonathan
Date: Sat Sep 9 13:18:32 2017
New Revision: 323365
URL: https://svnweb.freebsd.org/changeset/base/323365
Log:
Remove redundant source and object files.
Reviewed by: bdrewery, ngie
MFC after: 1 week
Sponsored by: DARPA, AFRL
Differential Revision:
tates, 1980
+03/26 Jonathan Anderson <jonat...@freebsd.org> born in Ottawa, Ontario,
Canada, 1983
03/27 Josef El-Rayes <jo...@freebsd.org> born in Linz, Austria, 1982
03/28 Sean C. Farley <s...@freebsd.org> born in Indianapolis, Indiana, United
States, 1970
03/29 Thier
On 05/18/17 04:13, Baptiste Daroussin wrote:
On Wed, May 17, 2017 at 10:51:28PM +, Jonathan Anderson wrote:
+void print_usage(const char *argv0)
Style(9) bug :)
Duly noted. :)
It looks like kib@ has already sorted this out in his timezone.
Jon
--
jonat...@freebsd.org
Author: jonathan
Date: Thu May 18 00:32:05 2017
New Revision: 318432
URL: https://svnweb.freebsd.org/changeset/base/318432
Log:
Fix some nroff syntax in rtld.1.
When I originally documented the LD_LIBRARY_PATH_FDS environment variable,
I used `.Ev` rather than `.It Ev` to introduce it;
Author: jonathan
Date: Wed May 17 22:51:28 2017
New Revision: 318431
URL: https://svnweb.freebsd.org/changeset/base/318431
Log:
Allow rtld direct-exec to take a file descriptor.
When executing rtld directly, allow a file descriptor to be explicitly
specified rather than opened from the
Author: jonathan
Date: Tue May 16 13:27:44 2017
New Revision: 318352
URL: https://svnweb.freebsd.org/changeset/base/318352
Log:
Rename rtld's parse_libdir to parse_integer.
This is a more accurate name, as the integer doesn't have to be a library
directory descriptor. It is also a
On 15 May 2017, at 16:44, Jonathan Anderson wrote:
You can already execute "non-executable" binaries using the `exec`
shell built-in:
```
$ cp /bin/sh .
$ chmod -x sh
$ exec sh
```
Er, oops: I ought to have said, you can execute non-executable binaries
by copying and markin
to execute a
binary even if the sysadmin had set it to -x specifically to prevent
people from running it.
You can already execute "non-executable" binaries using the `exec` shell
built-in:
```
$ cp /bin/sh .
$ chmod -x sh
$ exec sh
```
Jon
--
Jonathan Anderson
jonat...@f
es (vs the sys.mk changes that affect
everybody).
Jon
--
Jonathan Anderson
jonat...@freebsd.org
xes should already be included because of
bsd.suffixes-posix.mk (included from sys.mk). This SUFFIXES change, on the
other hand, is to add the .ll and .bc suffixes for the final build products (IR
"binaries" and "libraries").
I hope this clears up any confusion,
Jon
--
Jonathan Anderson
jonat...@freebsd.org
Author: jonathan
Date: Tue Nov 1 21:27:42 2016
New Revision: 308181
URL: https://svnweb.freebsd.org/changeset/base/308181
Log:
Add rules to build LLVM IR binaries and libraries.
Running `make libfoo.ll` or `make libfoo.bc` within a library directory
will now give us an LLVM IR version
Author: jonathan
Date: Thu Oct 20 15:14:21 2016
New Revision: 307676
URL: https://svnweb.freebsd.org/changeset/base/307676
Log:
Add make rules to build LLVM IR from C/C++ sources.
As a foundation for future work with LLVM's Intermediate Representation (IR),
add new suffix rules that can
Author: jonathan
Date: Wed Oct 12 00:42:46 2016
New Revision: 307075
URL: https://svnweb.freebsd.org/changeset/base/307075
Log:
Extract suffix rules into bsd.suffixes[-posix].mk.
Refactor make suffix rules into separate files (one for POSIX and one not),
and rationalise the rules so that
> On Aug 4, 2015, at 8:18 AM, Hans Petter Selasky wrote:
>
> Wouldn't the argument be the same for queue.3 . Once C-compilers finally
> decide to compile time support queues, we should throw queue.3 as well?
Sure! Not right away, and not in a way that causes unnecessary
Author: jonathan
Date: Thu May 14 15:14:03 2015
New Revision: 282906
URL: https://svnweb.freebsd.org/changeset/base/282906
Log:
Allow sizeof(cpuset_t) to be queried in capability mode.
This allows functions that retrieve and inspect pthread_attr_t objects to
work correctly: querying the
Author: jonathan
Date: Fri Jun 20 17:08:32 2014
New Revision: 267678
URL: http://svnweb.freebsd.org/changeset/base/267678
Log:
Add the LD_LIBRARY_PATH_FDS environmental variable.
This variable allows the loading of shared libraries via directory descriptors
rather than via library paths.
/rtld-elf/tests/ld_library_pathfds.c Fri Jun 20 17:14:59 2014 (r267679)
@@ -0,0 +1,220 @@
+/*-
+ * Copyright 2014 Jonathan Anderson.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following
Author: jonathan
Date: Tue Feb 18 14:54:56 2014
New Revision: 262166
URL: http://svnweb.freebsd.org/changeset/base/262166
Log:
Add more __BEGIN_DECLS / __END_DECLS to sys/capability.h.
capability.h currently only wraps some of its declarations in
__BEGIN_DECLS/__END_DECLS, so cap_enter(),
Author: jonathan
Date: Fri Oct 7 09:51:12 2011
New Revision: 226098
URL: http://svn.freebsd.org/changeset/base/226098
Log:
Change one printf() to log().
As noted in kern/159780, printf() is not very jail-friendly, since it can't
be easily monitored by jail management tools. This patch
was developed as part of the
+.Tn TrustedBSD
+Project.
+.Sh AUTHORS
+.An -nosplit
+These functions and the capability facility were created by
+.An Robert N. M. Watson Aq rwat...@freebsd.org
+and
+.An Jonathan Anderson Aq jonat...@freebsd.org
+at the University of Cambridge Computer Laboratory with support
Author: jonathan
Date: Thu Aug 18 23:08:52 2011
New Revision: 224988
URL: http://svn.freebsd.org/changeset/base/224988
Log:
Auto-generated system call code based on r224987.
Approved by: re (implicit)
Modified:
head/sys/kern/init_sysent.c
head/sys/kern/syscalls.c
. M. Watson
+ * Copyright (c) 2011 Jonathan Anderson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above
Author: jonathan
Date: Tue Aug 16 14:14:56 2011
New Revision: 224910
URL: http://svn.freebsd.org/changeset/base/224910
Log:
poll(2) implementation for capabilities.
When calling poll(2) on a capability, unwrap first and then poll the
underlying object.
Approved by: re (kib), mentor
= fget(td, sockarg.sock, CAP_SOCK_ALL, fp)) != 0)
goto out;
- return (error);
if (fp-f_type != DTYPE_SOCKET) {
fdrop(fp, td);
error = EPERM;
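Review bot: the `- return (error);` line removed here was unreachable, since it followed directly after `goto out;` on the fget() failure path; the removal is correct and matches the merge-conflict explanation given for r224911. One thing to confirm in the full function: the `fdrop(fp, td); error = EPERM;` branch visible at the end of this fragment should also leave via the `out` label rather than a bare return, so that NFSEXITCODE() is still called reliably on every error path as r224086 intended.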
%%%
--
Jaakko
--
Jonathan Anderson
jonat
Author: jonathan
Date: Tue Aug 16 14:23:16 2011
New Revision: 224911
URL: http://svn.freebsd.org/changeset/base/224911
Log:
Fix a merge conflict.
r224086 added goto out-style error handling to nfssvc_nfsd(), in order
to reliably call NFSEXITCODE() before returning. Our Capsicum changes,
Fixed in r224911.
Jon
On 16 August 2011 14:57, Jonathan Anderson jonat...@freebsd.org wrote:
It looks like r224086 added goto out error handling, so our return
(error) seems to be a merge conflict.
Sorry, I'll ask RE if I can fix that right now.
Jon
On 16 August 2011 13:29, Jaakko
Author: jonathan
Date: Sat Aug 13 09:21:16 2011
New Revision: 224810
URL: http://svn.freebsd.org/changeset/base/224810
Log:
Allow Capsicum capabilities to delegate constrained
access to file system subtrees to sandboxed processes.
- Use of absolute paths and '..' are limited in
Author: jonathan
Date: Sat Aug 13 10:43:21 2011
New Revision: 224812
URL: http://svn.freebsd.org/changeset/base/224812
Log:
Allow openat(2), fstatat(2), etc. in capability mode.
namei() and lookup() can now perform strictly relative lookups.
Such lookups, performed when in capability
Author: jonathan
Date: Fri Aug 12 14:26:47 2011
New Revision: 224797
URL: http://svn.freebsd.org/changeset/base/224797
Log:
Rename CAP_*_KEVENT to CAP_*_EVENT.
Change the names of a couple of capability rights to be less
FreeBSD-specific.
Approved by: re (kib), mentor (rwatson)
Author: jonathan
Date: Thu Aug 11 13:29:59 2011
New Revision: 224781
URL: http://svn.freebsd.org/changeset/base/224781
Log:
Only call fdclose() on successfully-opened FDs.
Since kern_openat() now uses falloc_noinstall() and finstall() separately,
there are cases where we could get to
Author: jonathan
Date: Thu Aug 11 15:52:06 2011
New Revision: 224784
URL: http://svn.freebsd.org/changeset/base/224784
Log:
Use the right printf() format string without a cast to maxint_t.
As per kib's suggestion, we also change test_count from a size_t to an int;
its value at the moment
Author: jonathan
Date: Mon Aug 8 20:36:52 2011
New Revision: 224721
URL: http://svn.freebsd.org/changeset/base/224721
Log:
Create timeval2timespec() and timespec2timeval().
These functions will be used by process descriptors to convert process
creation time into process descriptor
Author: jonathan
Date: Fri Aug 5 17:43:11 2011
New Revision: 224660
URL: http://svn.freebsd.org/changeset/base/224660
Log:
Expect fchflags(2) to fail with EOPNOTSUPP on NFS.
Even if we have CAP_FCHFLAGS, fchflags(2) fails on NFS. This is normal
and expected, so don't fail the test
/cap_test/cap_test.c Thu Aug 4 14:18:09 2011 (r224650)
+++ head/tools/regression/security/cap_test/cap_test.c Thu Aug 4 14:20:13 2011 (r224651)
@@ -1,5 +1,6 @@
/*-
* Copyright (c) 2008-2011 Robert N. M. Watson
+ * Copyright (c) 2011 Jonathan Anderson
* All rights reserved
Author: jonathan
Date: Fri Jul 22 12:50:21 2011
New Revision: 224268
URL: http://svn.freebsd.org/changeset/base/224268
Log:
Turn on AUDIT_ARG_RIGHTS() for cap_new(2).
Now that the code is in place to audit capability method rights, start
using it to audit the 'rights' argument to
Author: jonathan
Date: Thu Jul 21 21:08:33 2011
New Revision: 224255
URL: http://svn.freebsd.org/changeset/base/224255
Log:
Declare more capability method rights.
This is a complete set of rights that can be held in a capability's
rights mask.
Approved by: re (kib), mentor (rwatson)
Author: jonathan
Date: Wed Jul 20 09:53:35 2011
New Revision: 224225
URL: http://svn.freebsd.org/changeset/base/224225
Log:
Export capability information via sysctls.
When reporting on a capability, flag the fact that it is a capability,
but also unwrap to report all of the usual
Author: jonathan
Date: Wed Jul 20 13:29:39 2011
New Revision: 224227
URL: http://svn.freebsd.org/changeset/base/224227
Log:
Add cap_new(2) and cap_getrights(2) symbols to libc.
These system calls have already been implemented in the kernel; now we
hook up libc symbols so userspace can
Author: jonathan
Date: Mon Jul 18 12:58:18 2011
New Revision: 224181
URL: http://svn.freebsd.org/changeset/base/224181
Log:
Provide ability to audit cap_rights_t arguments.
We wish to be able to audit capability rights arguments; this code
provides the necessary infrastructure.
This
Author: jonathan
Date: Fri Jul 15 09:37:14 2011
New Revision: 224056
URL: http://svn.freebsd.org/changeset/base/224056
Log:
Add implementation for capabilities.
Code to actually implement Capsicum capabilities, including fileops and
kern_capwrap(), which creates a capability to wrap an
Author: jonathan
Date: Fri Jul 15 18:26:19 2011
New Revision: 224066
URL: http://svn.freebsd.org/changeset/base/224066
Log:
Add cap_new() and cap_getrights() system calls.
Implement two previously-reserved Capsicum system calls:
- cap_new() creates a capability to wrap an existing file
Author: jonathan
Date: Fri Jul 8 12:16:30 2011
New Revision: 223865
URL: http://svn.freebsd.org/changeset/base/223865
Log:
Clarify the meaning of a test.
Rather than using err() if either of two failure conditions
fires (which can produce spurious error messages), just use
errx() if
Author: jonathan
Date: Fri Jul 8 12:19:25 2011
New Revision: 223866
URL: http://svn.freebsd.org/changeset/base/223866
Log:
Fix the passability test in fdcopy().
Rather than checking to see if a descriptor is a kqueue, check to see if
its fileops flags include DFLAG_PASSABLE.
At the
Author: jonathan
Date: Thu Jul 7 17:00:42 2011
New Revision: 223843
URL: http://svn.freebsd.org/changeset/base/223843
Log:
Make a comment more accurate.
This comment refers to CAP_NT_SMBS, which does not exist; it should refer to
SMB_CAP_NT_SMBS.
Fixing this comment makes it easier for
Author: jonathan
Date: Thu Jul 7 18:07:03 2011
New Revision: 223845
URL: http://svn.freebsd.org/changeset/base/223845
Log:
Ensure that kqueue is not inherited across fork().
Modify the existing unit test (from libkqueue) which already exercises
process events via
fork() and kill().
Author: jonathan
Date: Tue Jul 5 13:45:10 2011
New Revision: 223785
URL: http://svn.freebsd.org/changeset/base/223785
Log:
Rework _fget to accept capability parameters.
This new version of _fget() requires new parameters:
- cap_rights_t needrights
the rights that we expect the
Author: jonathan
Date: Mon Jul 4 14:40:32 2011
New Revision: 223762
URL: http://svn.freebsd.org/changeset/base/223762
Log:
Add kernel functions to unwrap capabilities.
cap_funwrap() and cap_funwrap_mmap() unwrap capabilities, exposing the
underlying object. Attempting to unwrap a
Author: jonathan
Date: Sat Jul 2 15:41:22 2011
New Revision: 223723
URL: http://svn.freebsd.org/changeset/base/223723
Log:
Define the CAPABILITIES kernel option.
This option will enable Capsicum capabilities, which provide a fine-grained
mask on operations that can be performed on file
Author: jonathan
Date: Fri Jul 1 12:13:48 2011
New Revision: 223710
URL: http://svn.freebsd.org/changeset/base/223710
Log:
Define cap_rights_t and DTYPE_CAPABILITY, which are required to
implement Capsicum capabilities.
Approved by: mentor (rwatson), re (bz)
Modified:
Author: jonathan
Date: Wed Jun 29 13:03:05 2011
New Revision: 223668
URL: http://svn.freebsd.org/changeset/base/223668
Log:
We may split today's CAPABILITIES into CAPABILITY_MODE (which has
to do with global namespaces) and CAPABILITIES (which has to do with
constraining file descriptors).
Author: jonathan
Date: Sat Jun 25 12:37:06 2011
New Revision: 223533
URL: http://svn.freebsd.org/changeset/base/223533
Log:
Remove redundant Capsicum sysctl.
Since we're now declaring FEATURE(security_capabilities), there's no need for
an explicit SYSCTL_NODE.
Approved by: rwatson
Author: jonathan
Date: Fri Jun 24 14:40:22 2011
New Revision: 223505
URL: http://svn.freebsd.org/changeset/base/223505
Log:
Tidy up a capabilities-related comment.
This comment refers to an #ifdef that hasn't been merged [yet?]; remove it.
Approved by: rwatson
Modified:
joe [label=Josef karthauser\n...@freebsd.org\n1999/10/22]
joerg [label=Joerg wunsch\njo...@freebsd.org\n1993/11/14]
jon [label=Jonathan chen\n...@freebsd.org\n2000/10/17]
+jonathan [label=Jonathan anderson\njonat...@freebsd.org\n2010/10/07]
julian [label=Julian elischer\njul...@freebsd.org\n1993