Date: Sun, 24 Aug 2008 10:25:45 GMT
From: Robert Watson <rwatson@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 148242 for review
Message-ID: <200808241025.m7OAPjhM073911@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=148242 Change 148242 by rwatson@rwatson_freebsd_capabilities on 2008/08/24 10:25:02 Canonicalize copyrights, licenses; credit Google. Add a big warning about using this yet. Affected files ... .. //depot/projects/trustedbsd/capabilities/TODO#5 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libc/sys/cap_enter.2#3 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libc/sys/cap_new.2#5 edit .. //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#10 edit .. //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#18 edit .. //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#16 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/TODO#5 (text+ko) ==== @@ -1,3 +1,6 @@ +WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED ON IN +PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND UNEXPECTED WAYS. + TrustedBSD Capabilities Project ------------------------------- ==== //depot/projects/trustedbsd/capabilities/src/lib/libc/sys/cap_enter.2#3 (text+ko) ==== @@ -1,7 +1,14 @@ .\" -.\" Copyright (c) 2008 Robert Watson +.\" Copyright (c) 2008 Robert N. M. Watson .\" All rights reserved. .\" +.\" WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED +.\" ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND +.\" UNEXPECTED WAYS. +.\" +.\" This software was developed at the University of Cambridge Computer +.\" Laboratory with support from a grant from Google, Inc. +.\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: 
@@ -90,7 +97,10 @@ .Tn TrustedBSD Project. .Sh BUGS -This is a work in progress, please don't use it. +WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED ON IN +PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND UNEXPECTED WAYS. .Sh AUTHORS These functions and the capability facility were created by -.An "Robert N. M. Watson" . +.An "Robert N. M. Watson" +at the University of Cambridge Computer Laboratory with support from a grant +from Google, Inc. ==== //depot/projects/trustedbsd/capabilities/src/lib/libc/sys/cap_new.2#5 (text+ko) ==== @@ -1,7 +1,14 @@ .\" -.\" Copyright (c) 2008 Robert Watson +.\" Copyright (c) 2008 Robert N. M. Watson .\" All rights reserved. .\" +.\" WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED +.\" ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND +.\" UNEXPECTED WAYS. +.\" +.\" This software was developed at the University of Cambridge Computer +.\" Laboratory with support from a grant from Google, Inc. +.\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: @@ -429,6 +436,11 @@ .Pp Capability rights sometimes have unclear indirect impacts, which should be documented, or at least hinted at. +.Pp +WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED ON IN +PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND UNEXPECTED WAYS. .Sh AUTHORS These functions and the capability facility were created by -.An "Robert N. M. Watson" . +.An "Robert N. M. Watson" +at the University of Cambridge Computer Laboratory with support from a grant +from Google, Inc. ==== //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#10 (text+ko) ==== 
@@ -1,11 +1,44 @@ # +# Copyright (c) 2008 Robert N. M. Watson +# All rights reserved. +# +# WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED +# ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND +# UNEXPECTED WAYS. +# +# This software was developed at the University of Cambridge Computer +# Laboratory with support from a grant from Google, Inc. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# # List of system calls enabled in capability mode, one name per line. # # Notes: # - sys_exit() and close() are very important. # - Sorted alphabetically, please keep it that way. 
# -# $P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#9 $ +# $P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#10 $ # __acl_aclcheck_fd __acl_delete_fd ==== //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#18 (text+ko) ==== @@ -2,6 +2,13 @@ * Copyright (c) 2008 Robert N. M. Watson * All rights reserved. * + * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED + * ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND + * UNEXPECTED WAYS. + * + * This software was developed at the University of Cambridge Computer + * Laboratory with support from a grant from Google, Inc. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -43,7 +50,7 @@ #include "opt_capabilities.h" #include <sys/cdefs.h> -__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#17 $"); +__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#18 $"); #include <sys/param.h> #include <sys/capability.h> ==== //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#16 (text+ko) ==== @@ -2,6 +2,13 @@ * Copyright (c) 2008 Robert N. M. Watson * All rights reserved. * + * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED + * ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND + * UNEXPECTED WAYS. + * + * This software was developed at the University of Cambridge Computer + * Laboratory with support from a grant from Google, Inc. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: 
@@ -23,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#15 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#16 $ */ /*
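Review bot: In cap_enter.2 (hunk @@ -90,7 +97,10 @@) the only copy of the warning that a reader of the rendered page will see is under ".Sh BUGS", and in cap_new.2 (hunk @@ -429,6 +436,11 @@) it is the last ".Pp" before ".Sh AUTHORS". The copies added at the top of both files are in .\" comments and are not rendered. For a caveat this strong on a security interface, consider also stating it early in the page body, ahead of the interface details, so it is read before the calls are used.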
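Review bot: The capabilities.conf hunk (@@ -1,11 +1,44 @@) adds "# $FreeBSD$" while keeping the "$P4:" tag, and it is the only file in this change that gains "$FreeBSD$". The sys_capability.c and capability.h hunks show only "$P4:". Since the stated goal is to canonicalize headers, pick one convention for the whole set, and in capabilities.conf keep the two tags next to each other instead of leaving the file description and Notes block between them.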
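Review bot: In sys_capability.c (hunk @@ -2,6 +2,13 @@) and capability.h (hunk @@ -2,6 +2,13 @@) the warning lives only in the license comment, so it reaches people who read the source but not someone who simply builds a kernel with the feature enabled. The context line '#include "opt_capabilities.h"' indicates the code sits behind a kernel option; consider repeating the warning wherever that option is documented.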