From owner-cvs-src Wed Mar 5 20:47:50 2003 Delivered-To: cvs-src@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7BADA37B401; Wed, 5 Mar 2003 20:47:48 -0800 (PST) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2948643F3F; Wed, 5 Mar 2003 20:47:48 -0800 (PST) (envelope-from rwatson@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id h264ll0U045637; Wed, 5 Mar 2003 20:47:47 -0800 (PST) (envelope-from rwatson@repoman.freebsd.org) Received: (from rwatson@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id h264llux045636; Wed, 5 Mar 2003 20:47:47 -0800 (PST) Message-Id: <200303060447.h264llux045636@repoman.freebsd.org> From: Robert Watson Date: Wed, 5 Mar 2003 20:47:47 -0800 (PST) To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/sys mac.h mac_policy.h src/sys/alpha/alpha sys_machdep.c src/sys/i386/i386 sys_machdep.c src/sys/kern kern_mac.c X-FreeBSD-CVS-Branch: HEAD Sender: owner-cvs-src@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG rwatson 2003/03/05 20:47:47 PST FreeBSD src repository Modified files: sys/sys mac.h mac_policy.h sys/alpha/alpha sys_machdep.c sys/i386/i386 sys_machdep.c sys/kern kern_mac.c Log: Instrument sysarch() MD privileged I/O access interfaces with a MAC check, mac_check_sysarch_ioperm(), permitting MAC security policy modules to control access to these interfaces. Currently, they protect access to IOPL on i386, and setting HAE on Alpha. Additional checks might be required on other platforms to prevent bypass of kernel security protections by unauthorized processes. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories Revision Changes Path 1.22 +9 -0 src/sys/alpha/alpha/sys_machdep.c 1.79 +6 -0 src/sys/i386/i386/sys_machdep.c 1.81 +12 -0 src/sys/kern/kern_mac.c 1.36 +1 -0 src/sys/sys/mac.h 1.36 +1 -0 src/sys/sys/mac_policy.h To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-src" in the body of the message