| 267654 |
20-Jun-2014 |
gjb |
Copy stable/9 to releng/9.3 as part of the 9.3-RELEASE cycle.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| 225736 |
23-Sep-2011 |
kensmith |
Copy head to stable/9 as part of 9.0-RELEASE release cycle.
Approved by: re (implicit)
|
| 204585 |
02-Mar-2010 |
uqs |
Always assign WARNS using ?=
- fix some nearby style bugs
- include Makefile.inc where it makes sense and reduces duplication
Approved by: ed (co-mentor)
|
| 196172 |
13-Aug-2009 |
bz |
Start respecting WITHOUT_INET6.
Make regression/priv compile again after the multi-IP jail
changes. Note that we are still using the legacy jail(2)
rather than the jail_set(2)/jail(3) syscall.
Add an IPv4, and an IPv6 loopback address in case we compile
with INET6 enabled.
Make the priv_vfs_extattr_system compile on amd64 as well using the
proper length modifier to printf(3) for ssize_t.
Reviewed by: rwatson
Approved by: re (kib)
|
| 173679 |
16-Nov-2007 |
bz |
Remove empty setup and cleanup functions for the pfkey test.
Add regression tests for privileged and supposedly unprivileged
IP_IPSEC_POLICY,IPV6_IPSEC_POLICY setsockopt cases.
We may need to review the current 'good' results to make
sure they reflect what we really want.
Discussed with: rwatson
Reviewed by: rwatson
|
| 173578 |
13-Nov-2007 |
bz |
In sys/netipsec/keysock.c rev. 1.19 a missing priv check was added.
Before that non-su users were able to open pfkey sockets as well.
Add a regression test so we can detect such problems in an automated way
in the future.
|
| 172106 |
09-Sep-2007 |
rwatson |
Enhance and expand kernel privilege regression tests in support of
work present in FreeBSD 7.0 to refine the kernel privilege model:
- Introduce support for jail as a testing variable, in order to
confirm that privileges are properly restricted in the jail
environment.
- Restructure overall testing approach so that privilege and jail
conditions are set in the testing infrastructure before tests
are invoked, and done so in a custom-created process to isolate
the impact of tests from each other in a more consistent way.
- Tests now provide setup and cleanup hooks that occur before and
after the test runs.
- New privilege tests are now present for several audit
privileges, several credential management privileges, dmesg
buffer reading privilege, and netinet raw socket creation.
- Other existing tests are restructured and generally improved as
a result of better framework structure and jail as a variable.
For exampe, we now test that certain sysctls are writable only
outside jail, while others are writable within jail. On a
similar note, privileges relating to setting UFS file flags are
now better exercised, as with the right to chmod and utimes
files.
Approved by: re (bmah)
Obtained from: TrustedBSD Project
|
| 162271 |
13-Sep-2006 |
rwatson |
dd a series of regression tests to validate that privilege requirements are
implemented properly for a number of kernel subsystems. In general, they
try to exercise the privilege first as the root user, then as a test user,
in order to determine when privilege is being checked.
Currently, these tests do not compare inside/outside jail, and probably
should be enhanced to do that.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
|