Open-Source-Software-Entwicklung und Downloads
Anmeldename
Konto erstellen
Hilfe
MY OSDN
Finden Software
Magazine
Entwicklung
Pastebin
Software
Personen
PersonalForge
Magazine
Wiki
OSDN
>
Finden Software
>
TOMOYO
TOMOYO
Zusammenfassung
Projekt Zusammenfassung
Entwickler-Dashboard
Projekt-Bewertungen
Web-Seite
Entwickler
RSS Feed-Liste
Statistiken
Historie
Bildergalerie
Suche Schlüsselwörter
Neuigkeiten
News-Archiv
Hilfe
Downloads
Aller Releases-Liste
Hilfe
Quellcode
Guide
Browse SVN
Browse Git: tomoyo-test1
Hilfe
Wiki
Titelseite
Titel-Index
Kürzliche Änderungen
Wiki Suche
Hilfe
Text & Tabellen
List Docs
Hilfe
Foren
Forum-Liste
Open Discussion (112)
Hilfe
Mailinglisten
Alle Mailinglisten
tomoyo-dev
tomoyo-dev-en
tomoyo-users
tomoyo-users-en
Hilfe
Ticket
Ticket-Liste
Liste der Meilensteine
Typenliste
Komponentenliste
Liste der zuletzt benutzten Tickets/RSS
Neue Ticket abschicken
Hilfe
Browse Subversion Repository
/
[tomoyo]
/
trunk
/
1.7.x
/
ccs-patch
/
README.ccs
Diff of /trunk/1.7.x/ccs-patch/README.ccs
Parent Directory
|
Revision Log
|
Patch
revision
964
by
kumaneko
, Tue Feb 5 04:56:40 2008 UTC
revision
987
by
kumaneko
, Thu Feb 14 08:30:47 2008 UTC
#
Line 1164
Fix 2008/02/05
Line 1164
Fix 2008/02/05
1164
Kernel 2.6.24 introduced PID namespace.
Kernel 2.6.24 introduced PID namespace.
1165
To search PID given from userland, the kernel needs to use
To search PID given from userland, the kernel needs to use
1166
find_task_by_vpid() instead of find_task_pid().
find_task_by_vpid() instead of find_task_pid().
1167
1168
Fix 2008/02/14
1169
1170
@ Add execve() parameter checking.
1171
1172
Until now, it was impossible to check argv[] and envp[] parameters
1173
passed to execve().
1174
I expanded conditional permission syntax so that
1175
{ argc, envc, argv[] , envp[] } parameters can be checked if needed.
1176
This will allow administrator permit execution of /bin/sh only when
1177
/bin/sh is invoked in the form of "/bin/sh -c" and environment variable
1178
HOME is set by specifying
1179
1180
allow_execute /bin/sh if exec.argv[1]="-c" exec.envp["HOME"]!=NULL
1181
1182
in the policy.
1183
This extension will make exploit codes difficult to start /bin/sh because
1184
they unlikely set up environment variables and unlikely specify "-c"
1185
option when invoking /bin/sh , whereas proper functions likely set up
1186
environment variables and likely specify "-c" option.
Colored Diff
Long Colored Diff
Full Colored Diff
Unidiff
Context Diff
Side by Side
Legend:
Removed from v.964
changed lines
Added in v.987
Back to OSDN
">
Back to OSDN
ViewVC Help
Powered by
ViewVC 1.1.26