Date: Mon, 5 Jun 2000 07:53:55 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/kern kern_mib.c kern_prot.c src/sys/sys systm.h Message-ID: <200006051453.HAA35733@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2000/06/05 07:53:55 PDT
Modified files:
sys/kern kern_mib.c kern_prot.c
sys/sys systm.h
Log:
o Introduce kern.suser_permitted, a sysctl that disables the suser_xxx()
returning anything but EPERM.
o suser is enabled by default; once disabled, cannot be reenabled
o To be used in alternative security models where uid0 does not connote
additional privileges
o Should be noted that uid0 still has some additional powers as it
owns many important files and executables, so suffers from the same
fundamental security flaws as securelevels. This is fixed with
MAC integrity protection code (in progress)
o Not safe for consumption unless you are *really* sure you don't want
things like shutdown to work, et al :-)
Obtained from: TrustedBSD Project
Revision Changes Path
1.33 +25 -1 src/sys/kern/kern_mib.c
1.57 +3 -1 src/sys/kern/kern_prot.c
1.115 +2 -1 src/sys/sys/systm.h
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200006051453.HAA35733>