<feed xmlns='http://www.w3.org/2005/Atom'>
<title>src/sys/kern/sysv_msg.c, branch releng/4.5</title>
<subtitle>FreeBSD source tree</subtitle>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/'/>
<entry>
<title>o MFC of System V IPC disabling in jail():</title>
<updated>2000-11-01T17:58:06+00:00</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2000-11-01T17:58:06+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=6932233cbd8ef96ef7491e4a611ff70572d2fc41'/>
<id>6932233cbd8ef96ef7491e4a611ff70572d2fc41</id>
<content type='text'>
  1.8       +6 -1      src/sys/kern/kern_jail.c
  1.26      +17 -1     src/sys/kern/sysv_msg.c
  1.29      +14 -1     src/sys/kern/sysv_sem.c
  1.49      +20 -1     src/sys/kern/sysv_shm.c
  1.10      +2 -1      src/sys/sys/jail.h

  Log:
  o Deny access to System V IPC from within jail by default, as in the
    current implementation, jail neither virtualizes the Sys V IPC namespace,
    nor provides inter-jail protections on IPC objects.
  o Support for System V IPC can be enabled by setting jail.sysvipc_allowed=1
    using sysctl.
  o This is not the "real fix" which involves virtualizing the System V
    IPC namespace, but prevents processes within jail from influencing those
    outside of jail when not approved by the administrator.

  Reported by:  Paulo Fragoso &lt;paulo@nlink.com.br&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
  1.8       +6 -1      src/sys/kern/kern_jail.c
  1.26      +17 -1     src/sys/kern/sysv_msg.c
  1.29      +14 -1     src/sys/kern/sysv_sem.c
  1.49      +20 -1     src/sys/kern/sysv_shm.c
  1.10      +2 -1      src/sys/sys/jail.h

  Log:
  o Deny access to System V IPC from within jail by default, as in the
    current implementation, jail neither virtualizes the Sys V IPC namespace,
    nor provides inter-jail protections on IPC objects.
  o Support for System V IPC can be enabled by setting jail.sysvipc_allowed=1
    using sysctl.
  o This is not the "real fix" which involves virtualizing the System V
    IPC namespace, but prevents processes within jail from influencing those
    outside of jail when not approved by the administrator.

  Reported by:  Paulo Fragoso &lt;paulo@nlink.com.br&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>MFC: 1.25: Initialize variable to avoid strange stuff</title>
<updated>2000-09-19T23:00:18+00:00</updated>
<author>
<name>Peter Wemm</name>
<email>peter@FreeBSD.org</email>
</author>
<published>2000-09-19T23:00:18+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=5526424e677225ee023c91d7c75f02cfc7f1eee3'/>
<id>5526424e677225ee023c91d7c75f02cfc7f1eee3</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>MFC: pmap interface optimizations, optionally physically backed SYSVSHM.</title>
<updated>2000-08-04T22:31:11+00:00</updated>
<author>
<name>Peter Wemm</name>
<email>peter@FreeBSD.org</email>
</author>
<published>2000-08-04T22:31:11+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=5fe02406b28ae31a4dcc53954a1ca7aeb0c4e949'/>
<id>5fe02406b28ae31a4dcc53954a1ca7aeb0c4e949</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>$Id$ -&gt; $FreeBSD$</title>
<updated>1999-08-28T01:08:13+00:00</updated>
<author>
<name>Peter Wemm</name>
<email>peter@FreeBSD.org</email>
</author>
<published>1999-08-28T01:08:13+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=c3aac50f284c6cca5b4f2eb46aaa13812cb8b630'/>
<id>c3aac50f284c6cca5b4f2eb46aaa13812cb8b630</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>Change suser_xxx() to suser() where it applies.</title>
<updated>1999-04-27T12:21:16+00:00</updated>
<author>
<name>Poul-Henning Kamp</name>
<email>phk@FreeBSD.org</email>
</author>
<published>1999-04-27T12:21:16+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=1c308b817a866f9cd41dd238a709e248d021f5c1'/>
<id>1c308b817a866f9cd41dd238a709e248d021f5c1</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>Suser() simplification:</title>
<updated>1999-04-27T11:18:52+00:00</updated>
<author>
<name>Poul-Henning Kamp</name>
<email>phk@FreeBSD.org</email>
</author>
<published>1999-04-27T11:18:52+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=f711d546d27edc6115841ef780df0252d44a996d'/>
<id>f711d546d27edc6115841ef780df0252d44a996d</id>
<content type='text'>
1:
  s/suser/suser_xxx/

2:
  Add new function: suser(struct proc *), prototyped in &lt;sys/proc.h&gt;.

3:
  s/suser_xxx(\([a-zA-Z0-9_]*\)-&gt;p_ucred, \&amp;\1-&gt;p_acflag)/suser(\1)/

The remaining suser_xxx() calls will be scrutinized and dealt with
later.

There may be some unneeded #include &lt;sys/cred.h&gt;, but they are left
as an exercise for Bruce.

More changes to the suser() API will come along with the "jail" code.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
1:
  s/suser/suser_xxx/

2:
  Add new function: suser(struct proc *), prototyped in &lt;sys/proc.h&gt;.

3:
  s/suser_xxx(\([a-zA-Z0-9_]*\)-&gt;p_ucred, \&amp;\1-&gt;p_acflag)/suser(\1)/

The remaining suser_xxx() calls will be scrutinized and dealt with
later.

There may be some unneeded #include &lt;sys/cred.h&gt;, but they are left
as an exercise for Bruce.

More changes to the suser() API will come along with the "jail" code.
</pre>
</div>
</content>
</entry>
<entry>
<title>The function msgrcv() could copy larger data than it should do</title>
<updated>1999-04-21T13:30:01+00:00</updated>
<author>
<name>SADA Kenji</name>
<email>sada@FreeBSD.org</email>
</author>
<published>1999-04-21T13:30:01+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=565592bd9cb804b6e6ce47abedcfba472a8b0d73'/>
<id>565592bd9cb804b6e6ce47abedcfba472a8b0d73</id>
<content type='text'>
under some circumstances.
PR:		kern/10765
Submitted by:	Yasuhito FUTATSUKI &lt;futatuki@fureai.or.jp&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
under some circumstances.
PR:		kern/10765
Submitted by:	Yasuhito FUTATSUKI &lt;futatuki@fureai.or.jp&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Use suser() to determine super-user-ness, don't examine cr_uid directly.</title>
<updated>1999-01-30T12:21:49+00:00</updated>
<author>
<name>Poul-Henning Kamp</name>
<email>phk@FreeBSD.org</email>
</author>
<published>1999-01-30T12:21:49+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=57c90d6fcd7a09153d16734be0a28efd29e7eb66'/>
<id>57c90d6fcd7a09153d16734be0a28efd29e7eb66</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>Eradicate the variable "time" from the kernel, using various measures.</title>
<updated>1998-03-30T09:56:58+00:00</updated>
<author>
<name>Poul-Henning Kamp</name>
<email>phk@FreeBSD.org</email>
</author>
<published>1998-03-30T09:56:58+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=227ee8a188f0f8da52dabd7c2c13748a2578efce'/>
<id>227ee8a188f0f8da52dabd7c2c13748a2578efce</id>
<content type='text'>
"time" wasn't a atomic variable, so splfoo() protection were needed
around any access to it, unless you just wanted the seconds part.

Most uses of time.tv_sec now uses the new variable time_second instead.

gettime() changed to getmicrotime(0.

Remove a couple of unneeded splfoo() protections, the new getmicrotime()
is atomic, (until Bruce sets a breakpoint in it).

A couple of places needed random data, so use read_random() instead
of mucking about with time which isn't random.

Add a new nfs_curusec() function.

Mark a couple of bogosities involving the now disappeard time variable.

Update ffs_update() to avoid the weird "== &amp;time" checks, by fixing the
one remaining call that passwd &amp;time as args.

Change profiling in ncr.c to use ticks instead of time.  Resolution is
the same.

Add new function "tvtohz()" to avoid the bogus "splfoo(), add time, call
hzto() which subtracts time" sequences.

Reviewed by:	bde
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
"time" wasn't a atomic variable, so splfoo() protection were needed
around any access to it, unless you just wanted the seconds part.

Most uses of time.tv_sec now uses the new variable time_second instead.

gettime() changed to getmicrotime(0.

Remove a couple of unneeded splfoo() protections, the new getmicrotime()
is atomic, (until Bruce sets a breakpoint in it).

A couple of places needed random data, so use read_random() instead
of mucking about with time which isn't random.

Add a new nfs_curusec() function.

Mark a couple of bogosities involving the now disappeard time variable.

Update ffs_update() to avoid the weird "== &amp;time" checks, by fixing the
one remaining call that passwd &amp;time as args.

Change profiling in ncr.c to use ticks instead of time.  Resolution is
the same.

Add new function "tvtohz()" to avoid the bogus "splfoo(), add time, call
hzto() which subtracts time" sequences.

Reviewed by:	bde
</pre>
</div>
</content>
</entry>
<entry>
<title>Move the "retval" (3rd) parameter from all syscall functions and put</title>
<updated>1997-11-06T19:29:57+00:00</updated>
<author>
<name>Poul-Henning Kamp</name>
<email>phk@FreeBSD.org</email>
</author>
<published>1997-11-06T19:29:57+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=cb226aaa624a8d8e6c7c5f9aaaa1b415f0e2cf4d'/>
<id>cb226aaa624a8d8e6c7c5f9aaaa1b415f0e2cf4d</id>
<content type='text'>
it in struct proc instead.

This fixes a boatload of compiler warning, and removes a lot of cruft
from the sources.

I have not removed the /*ARGSUSED*/, they will require some looking at.

libkvm, ps and other userland struct proc frobbing programs will need
recompiled.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
it in struct proc instead.

This fixes a boatload of compiler warning, and removes a lot of cruft
from the sources.

I have not removed the /*ARGSUSED*/, they will require some looking at.

libkvm, ps and other userland struct proc frobbing programs will need
recompiled.
</pre>
</div>
</content>
</entry>
</feed>
