#
c8e7649b |
|
09-Jan-2024 |
Jui-Hsuan Chang <hsuan1117@gapp.nthu.edu.tw> |
veriexec(8): Fix typo Event: Advanced UNIX Programming Course (Fall’23) at NTHU. Pull Request: https://github.com/freebsd/freebsd-src/pull/1018
|
#
1554ba03 |
|
24-Aug-2023 |
Simon J. Gerraty <sjg@FreeBSD.org> |
Add mac_grantbylabel This module allows controlled privilege escallation via mac labels securely associated with a process via mac_veriexec. There are over 700 PRIV_* but we can compress many of them into a single GBL_* thus constraining the size of gbl labels. The goal is to allow a daemon to run as an unprivileged process while still being able a set of privileged operations needed. We add APIs to libveriexec so that userland processes can check labels and an exec_script API that allows a suitably labeled process to run something like a python interpreter directly if necessary; overcomming the 'indirect' flag applied to the interpreter. Add -l option to sbin/veriexec to report labels. Reviewed by: stevek Sponsored by: Juniper Networks, Inc. Differential Revision: https://reviews.freebsd.org/D41431
|
#
fa9896e0 |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: two-line nroff pattern Remove /^\.\\"\n\.\\"\s*\$FreeBSD\$$\n/
|
#
ab4f0a15 |
|
19-Jul-2022 |
Simon J. Gerraty <sjg@FreeBSD.org> |
Add -S option to veriexec During software installation, use veriexec -S to strictly enforce certificate validity checks (notBefore, notAfter). Otherwise ignore certificate validity period. It is generally unacceptible for the Internet to stop working just because someone did not upgrade their infrastructure for a decade. Sponsored by: Juniper Networks, Inc. Reviewed by: sebastien.bini_stormshield.eu Differential Revision: https://reviews.freebsd.org/D35758
|
#
a8189e9b |
|
14-Feb-2022 |
Simon J. Gerraty <sjg@FreeBSD.org> |
veriexec(8): explain that only a unique prefix is required When setting or querying state it is sufficient to provide only enough of the state name to be unambiguous.
|
#
39dd0ed9 |
|
03-Oct-2020 |
Gordon Bergling <gbe@FreeBSD.org> |
veriexec(8): Bugfix for an issue reported by mandoc - consider using OS macro: Nx MFC after: 1 week
|
#
eb12b8ea |
|
25-Feb-2019 |
Simon J. Gerraty <sjg@FreeBSD.org> |
Add verifying manifest loader for mac_veriexec This tool will verify a signed manifest and load contents into mac_veriexec for storage Sponsored by: Juniper Networks Differential Revision: D16575
|