Source-Changes-HG archive


[src/netbsd-3]: src/sys/kern Pull up revision 1.39 (requested by elad in tick...



details:   https://anonhg.NetBSD.org/src/rev/01b54720ea18
branches:  netbsd-3
changeset: 576134:01b54720ea18
user:      tron <tron%NetBSD.org@localhost>
date:      Fri Jun 10 15:10:24 2005 +0000

description:
Pull up revision 1.39 (requested by elad in ticket #389):
Some changes in veriexec.
New features:
- Add a veriexec_report() routine to make most reporting consistent and
  remove some common code.
- Add 'strict' mode that controls how veriexec behaves.
- Add sysctl knobs:
    o kern.veriexec.verbose controls verbosity levels. Value: 0, 1.
    o kern.veriexec.strict controls strict level. Values: 0, 1, 2. See
      documentation in sysctl(3) for details.
    o kern.veriexec.algorithms returns a string with a space separated
      list of supported hashing algorithms in veriexec.
- Updated documentation in man pages for sysctl(3) and sysctl(8).
Bug fixes:
- veriexec_removechk(): Code cleanup + handle FINGERPRINT_NOTEVAL
  correctly.
- exec_script(): Don't pass 0 as flag when executing a script; use the
  defined VERIEXEC_INDIRECT - which is 1. Makes indirect execution
  enforcement work.
- Fix some printing formats and types.

diffstat:

 sys/kern/exec_script.c |  8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diffs (36 lines):

diff -r 43b0b6005b12 -r 01b54720ea18 sys/kern/exec_script.c
--- a/sys/kern/exec_script.c    Fri Jun 10 15:10:17 2005 +0000
+++ b/sys/kern/exec_script.c    Fri Jun 10 15:10:24 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: exec_script.c,v 1.38 2004/11/04 23:55:28 matt Exp $    */
+/*     $NetBSD: exec_script.c,v 1.38.10.1 2005/06/10 15:10:24 tron Exp $       */
 
 /*
  * Copyright (c) 1993, 1994, 1996 Christopher G. Demetriou
@@ -31,7 +31,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: exec_script.c,v 1.38 2004/11/04 23:55:28 matt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: exec_script.c,v 1.38.10.1 2005/06/10 15:10:24 tron Exp $");
 
 #if defined(SETUIDSCRIPTS) && !defined(FDSCRIPTS)
 #define FDSCRIPTS              /* Need this for safe set-id scripts. */
@@ -54,6 +54,8 @@
 #include <sys/exec_script.h>
 #include <sys/exec_elf.h>
 
+#include <sys/verified_exec.h>
+
 /*
  * exec_script_makecmds(): Check if it's an executable shell script.
  *
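Review bot: the new `#include <sys/verified_exec.h>` is unconditional, but the only use of it in this patch, `VERIEXEC_INDIRECT`, sits inside `#ifdef VERIFIED_EXEC`. Either wrap the include in the same `#ifdef VERIFIED_EXEC`, or confirm the header builds cleanly and has no side effects in kernels configured without that option.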
@@ -249,7 +251,7 @@
        oldpnbuf = epp->ep_ndp->ni_cnd.cn_pnbuf;
 
 #ifdef VERIFIED_EXEC
-       if ((error = check_exec(p, epp, 0)) == 0) {
+       if ((error = check_exec(p, epp, VERIEXEC_INDIRECT)) == 0) {
 #else
        if ((error = check_exec(p, epp)) == 0) {
 #endif
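Review bot: the `check_exec(p, epp, VERIEXEC_INDIRECT)` call has no comment explaining why the script's interpreter is checked as an indirect execution, and the removed line shows how easily a bare `0` slipped in here and, per the description, left indirect execution enforcement not working. Please add a one-line comment above the call stating that intent, and check any other check_exec() callers built under VERIFIED_EXEC for literal flag values so they use the named constants as well.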


