From owner-cvs-all Mon Jun 5 7:53:57 2000
Delivered-To: cvs-all@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 7D82C37BCCE; Mon, 5 Jun 2000 07:53:55 -0700 (PDT)
	(envelope-from rwatson@FreeBSD.org)
Received: (from rwatson@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id HAA35733;
	Mon, 5 Jun 2000 07:53:55 -0700 (PDT)
	(envelope-from rwatson@FreeBSD.org)
Message-Id: <200006051453.HAA35733@freefall.freebsd.org>
From: Robert Watson
Date: Mon, 5 Jun 2000 07:53:55 -0700 (PDT)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/sys/kern kern_mib.c kern_prot.c src/sys/sys systm.h
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

rwatson     2000/06/05 07:53:55 PDT

  Modified files:
    sys/kern             kern_mib.c kern_prot.c
    sys/sys              systm.h
  Log:
  o Introduce kern.suser_permitted, a sysctl that disables the suser_xxx()
    returning anything but EPERM.
  o suser is enabled by default; once disabled, cannot be reenabled
  o To be used in alternative security models where uid0 does not connote
    additional privileges
  o Should be noted that uid0 still has some additional powers as it
    owns many important files and executables, so suffers from the same
    fundamental security flaws as securelevels.  This is fixed with
    MAC integrity protection code (in progress)
  o Not safe for consumption unless you are *really* sure you don't want
    things like shutdown to work, et al :-)

  Obtained from:	TrustedBSD Project

  Revision  Changes    Path
  1.33      +25 -1     src/sys/kern/kern_mib.c
  1.57      +3 -1      src/sys/kern/kern_prot.c
  1.115     +2 -1      src/sys/sys/systm.h
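
The one-way behaviour described in the log above, as an added userland model in C; it is not the committed FreeBSD code and not part of the original message. All model_* names are hypothetical, and the rule that a write to kern.suser_permitted itself needs superuser privilege is an assumption of the model.

```c
#include <errno.h>
#include <stdio.h>

/* Userland model only; every model_* name is hypothetical. */
static int model_suser_permitted = 1;   /* enabled by default, per the log */

/* Models suser_xxx(): 0 if the caller holds superuser privilege, else EPERM. */
int model_suser(unsigned uid)
{
    if (!model_suser_permitted)
        return EPERM;               /* latch cleared: uid 0 gets no privilege */
    return uid == 0 ? 0 : EPERM;
}

/* Models a write to kern.suser_permitted by a process running as uid. */
int model_set_suser_permitted(unsigned uid, int new_val)
{
    if (new_val != 0 && new_val != 1)
        return EINVAL;
    /* Explicit latch, independent of how the caller was authorised:
     * once disabled, the value can never go back to 1. */
    if (!model_suser_permitted && new_val)
        return EPERM;
    /* Assumption of this model: changing the knob needs privilege. */
    if (model_suser(uid) != 0)
        return EPERM;
    model_suser_permitted = new_val;
    return 0;
}

int model_get_suser_permitted(void)
{
    return model_suser_permitted;
}

int main(void)
{
    printf("uid 0 before disable:  %d\n", model_suser(0));
    printf("uid 1001 tries to set: %d\n", model_set_suser_permitted(1001, 0));
    printf("uid 0 disables:        %d\n", model_set_suser_permitted(0, 0));
    printf("uid 0 after disable:   %d\n", model_suser(0));
    printf("uid 0 re-enables:      %d\n", model_set_suser_permitted(0, 1));
    return 0;
}
```

Any operation gated on the privilege check fails for every caller once the latch is cleared, which is why the log warns that things like shutdown stop working.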