#
12d258fa |
| 07-Dec-2021 |
andvar <andvar@NetBSD.org> |
s/dissallow/disallow/
|
#
6f055a6d |
| 05-Dec-2020 |
thorpej <thorpej@NetBSD.org> |
Remove unnecessary inclusion of <sys/timevar.h>.
|
#
7cd8f2ab |
| 21-Feb-2020 |
joerg <joerg@NetBSD.org> |
Explicitly cast pointers to uintptr_t before casting to enums. They are not necessarily the same size. Don't cast pointers to bool, check for NULL instead.
|
#
361e68bb |
| 15-Jul-2018 |
maxv <maxv@NetBSD.org> |
Retire ipkdb entirely. The option was removed from the config files yesterday.
ok kamil christos
|
#
05fd0bf3 |
| 25-Feb-2014 |
pooka <pooka@NetBSD.org> |
Ensure that the top level sysctl nodes (kern, vfs, net, ...) exist before the sysctl link sets are processed, and remove redundancy.
Shaves >13kB off of an amd64 GENERIC, not to mention >1k duplicat
Ensure that the top level sysctl nodes (kern, vfs, net, ...) exist before the sysctl link sets are processed, and remove redundancy.
Shaves >13kB off of an amd64 GENERIC, not to mention >1k duplicate lines of code.
show more ...
|
#
909597c3 |
| 08-Dec-2011 |
jym <jym@NetBSD.org> |
build fix for keylock secmodel(9).
|
#
6519e39d |
| 04-Dec-2011 |
jym <jym@NetBSD.org> |
Implement the register/deregister/evaluation API for secmodel(9). It allows registration of callbacks that can be used later for cross-secmodel "safe" communication.
When a secmodel wishes to know a
Implement the register/deregister/evaluation API for secmodel(9). It allows registration of callbacks that can be used later for cross-secmodel "safe" communication.
When a secmodel wishes to know a property maintained by another secmodel, it has to submit a request to it so the other secmodel can proceed to evaluating the request. This is done through the secmodel_eval(9) call; example:
bool isroot; error = secmodel_eval("org.netbsd.secmodel.suser", "is-root", cred, &isroot); if (error == 0 && !isroot) result = KAUTH_RESULT_DENY;
This one asks the suser module if the credentials are assumed to be root when evaluated by suser module. If the module is present, it will respond. If absent, the call will return an error.
Args and command are arbitrarily defined; it's up to the secmodel(9) to document what it expects.
Typical example is securelevel testing: when someone wants to know whether securelevel is raised above a certain level or not, the caller has to request this property to the secmodel_securelevel(9) module. Given that securelevel module may be absent from system's context (thus making access to the global "securelevel" variable impossible or unsafe), this API can cope with this absence and return an error.
We are using secmodel_eval(9) to implement a secmodel_extensions(9) module, which plugs with the bsd44, suser and securelevel secmodels to provide the logic behind curtain, usermount and user_set_cpu_affinity modes, without adding hooks to traditional secmodels. This solves a real issue with the current secmodel(9) code, as usermount or user_set_cpu_affinity are not really tied to secmodel_suser(9).
The secmodel_eval(9) is also used to restrict security.models settings when securelevel is above 0, through the "is-securelevel-above" evaluation: - curtain can be enabled any time, but cannot be disabled if securelevel is above 0. - usermount/user_set_cpu_affinity can be disabled any time, but cannot be enabled if securelevel is above 0.
Regarding sysctl(7) entries: curtain and usermount are now found under security.models.extensions tree. The security.curtain and vfs.generic.usermount are still accessible for backwards compat.
Documentation is incoming, I am proof-reading my writings.
Written by elad@, reviewed and tested (anita test + interact for rights tests) by me. ok elad@.
See also http://mail-index.netbsd.org/tech-security/2011/11/29/msg000422.html
XXX might consider va0 mapping too.
XXX Having a secmodel(9) specific printf (like aprint_*) for reporting secmodel(9) errors might be a good idea, but I am not sure on how to design such a function right now.
show more ...
|
#
570ca15b |
| 19-Oct-2009 |
cegger <cegger@NetBSD.org> |
buildfix: define integer before use. i386 ALL kernel builds again
|
#
756638cf |
| 06-Oct-2009 |
elad <elad@NetBSD.org> |
Factor out a block of code that appears in three places (Veriexec, keylock, and securelevel) so that others can use it as well.
|
#
a39251ec |
| 03-Oct-2009 |
elad <elad@NetBSD.org> |
Introduce time_wraps() to check if setting the time will wrap it (or close to it). Useful for secmodels.
Replace open-coded form with it in secmodel code (securelevel, keylock).
Note: I need to fin
Introduce time_wraps() to check if setting the time will wrap it (or close to it). Useful for secmodels.
Replace open-coded form with it in secmodel code (securelevel, keylock).
Note: I need to find a way to make secmodel_keylock.c ~<100 lines.
show more ...
|
#
385b2e36 |
| 15-Aug-2009 |
mbalmer <mbalmer@NetBSD.org> |
Move the keylock.h header from sys/sys to sys/dev where it really belongs. Add keylock options to the ALL kernel configuration.
|
#
3ab4ce47 |
| 14-Aug-2009 |
mbalmer <mbalmer@NetBSD.org> |
Add support for multi-position electro-mechanical keylocks. An example driver, gpiolock(4), is provided as an example how to interface real hardware. A new securemodel, securemodel_keylock, is provi
Add support for multi-position electro-mechanical keylocks. An example driver, gpiolock(4), is provided as an example how to interface real hardware. A new securemodel, securemodel_keylock, is provided to show how this can be used to tie keylocks to overall system security. This is experimental code. The diff has been on tech-kern for several weeks.
Reviewed by many, kauth(9) integration reviewed by Elad Efrat; approved by tonnerre@ and tron@. Thanks to everyone who provided feedback.
show more ...
|