source-changes: CVS commit: basesrc/bin/systrace

Subject: CVS commit: basesrc/bin/systrace
To: None <source-changes@netbsd.org>
From: Niels Provos <provos@netbsd.org>
List: source-changes
Date: 10/12/2002 00:54:59

Module Name:	basesrc
Committed By:	provos
Date:		Fri Oct 11 21:54:59 UTC 2002

Modified Files:
	basesrc/bin/systrace: filter.c intercept.c intercept.h lex.l
	    netbsd-syscalls.c openbsd-syscalls.c parse.y systrace.1 systrace.c
	    systrace.h
	syssrc/sys/kern: kern_systrace.c
	syssrc/sys/sys: systrace.h

Log Message:
support for privilege elevation.

with privilege elevation no suid or sgid binaries are necessary any
longer.  Applications can be executed completely unprivileged. Systrace
raises the privileges for a single system call depending on the
configured policy.

Idea from discussions with Perry Metzger, Dug Song and Marcus Watts.
Approved by christos and thorpej.


To generate a diff of this commit:
cvs rdiff -r1.10 -r1.11 basesrc/bin/systrace/filter.c
cvs rdiff -r1.7 -r1.8 basesrc/bin/systrace/intercept.c \
    basesrc/bin/systrace/systrace.h
cvs rdiff -r1.5 -r1.6 basesrc/bin/systrace/intercept.h
cvs rdiff -r1.4 -r1.5 basesrc/bin/systrace/lex.l \
    basesrc/bin/systrace/openbsd-syscalls.c basesrc/bin/systrace/parse.y
cvs rdiff -r1.8 -r1.9 basesrc/bin/systrace/netbsd-syscalls.c
cvs rdiff -r1.13 -r1.14 basesrc/bin/systrace/systrace.1
cvs rdiff -r1.11 -r1.12 basesrc/bin/systrace/systrace.c
cvs rdiff -r1.17 -r1.18 syssrc/sys/kern/kern_systrace.c
cvs rdiff -r1.5 -r1.6 syssrc/sys/sys/systrace.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.