upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-03-03 22:01:37 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/sys/security/mac
History
Robert Watson 030a28b3b5 Introduce new MAC Framework and MAC Policy entry points to control the use 
of system calls to manipulate elements of the process credential,
including:

        setuid()                mac_check_proc_setuid()
        seteuid()               mac_check_proc_seteuid()
        setgid()                mac_check_proc_setgid()
        setegid()               mac_check_proc_setegid()
        setgroups()             mac_check_proc_setgroups()
        setreuid()              mac_check_proc_setreuid()
        setregid()              mac_check_proc_setregid()
        setresuid()             mac_check_proc_setresuid()
        setresgid()             mac_check_rpoc_setresgid()

MAC checks are performed before other existing security checks; both
current credential and intended modifications are passed as arguments
to the entry points.  The mac_test and mac_stub policies are updated.

Submitted by:	Samy Al Bahra <samy@kerneled.org>
Obtained from:	TrustedBSD Project
2005-04-16 13:29:15 +00:00
..
mac_framework.c Bump MAC Framework version to 2 in preparation for the upcoming API/ABI 2004-11-09 11:28:40 +00:00
mac_framework.h Introduce new MAC Framework and MAC Policy entry points to control the use 2005-04-16 13:29:15 +00:00
mac_inet.c Move inet and inet6 related MAC Framework entry points from mac_net.c 2004-02-26 03:51:04 +00:00
mac_internal.h Remove extern declaration of mac_enforce_sysv, as it's not present in 2004-10-22 11:07:18 +00:00
mac_label.c In the MAC label zone destructor, assert that the label is only 2004-10-22 11:08:52 +00:00
mac_net.c Introduce a temporary mutex, mac_ifnet_mtx, to lock MAC labels on 2004-06-24 03:34:46 +00:00
mac_pipe.c add missing #include <sys/module.h> 2004-05-30 20:27:19 +00:00
mac_policy.h Introduce new MAC Framework and MAC Policy entry points to control the use 2005-04-16 13:29:15 +00:00
mac_process.c Introduce new MAC Framework and MAC Policy entry points to control the use 2005-04-16 13:29:15 +00:00
mac_socket.c Socket MAC labels so_label and so_peerlabel are now protected by 2004-06-13 02:50:07 +00:00
mac_syscalls.c Bump MAC Framework version to 2 in preparation for the upcoming API/ABI 2004-11-09 11:28:40 +00:00
mac_system.c add missing #include <sys/module.h> 2004-05-30 20:27:19 +00:00
mac_sysv_msg.c Remove an accidental clearing of the new label pointer on a system V 2005-02-24 16:08:41 +00:00
mac_sysv_sem.c Implement MAC entry points relating to System V IPC, calling into the 2004-11-17 13:14:24 +00:00
mac_sysv_shm.c Implement MAC entry points relating to System V IPC, calling into the 2004-11-17 13:14:24 +00:00
mac_vfs.c Move MAC check_vnode_mmap entry point out from being exclusive to 2005-04-14 16:03:30 +00:00