Développer et télécharger des logiciels Open Source
Connexion
Créer un compte
Aide
MY OSDN
Trouver un logiciel
Magazine
Développer
Pastebin
Logiciel
Peuple
PersonalForge
Magazine
Wiki
OSDN
>
Trouver un logiciel
>
TOMOYO
TOMOYO
Sommaire
Résumé du projet
Dashboard - Développeur
Avis de projet
Page Web
Développeurs
Liste des flux RSS
Statistiques
Historique
Galerie d'images
Recherche des mots-clés
Nouvelles
Archives des nouvelles
Aide
Téléchargements
List of Releases
Aide
Code Source
Guider
Parcourir SVN
Parcourir Git: tomoyo-test1
Aide
Wiki
Page de garde
Index du titre
Modifications récentes
Wiki Search
Aide
Docs
List Docs
Aide
Forums
Liste des forums
Open Discussion (112)
Aide
Listes de diffusion
Liste de ML
tomoyo-dev
tomoyo-dev-en
tomoyo-users
tomoyo-users-en
Aide
Ticket
Liste des tickets
Liste des Jalons
Liste des types
Liste des composants
Liste des tickets/RSS fréquemment utilisés
Soumettre un nouveau ticket
Aide
Browse Subversion Repository
/
[tomoyo]
/
trunk
/
1.6.x
/
ccs-patch
/
README.ccs
Diff of /trunk/1.6.x/ccs-patch/README.ccs
Parent Directory
|
Revision Log
|
Patch
revision
986
by
kumaneko
, Tue Feb 5 04:56:40 2008 UTC
revision
987
by
kumaneko
, Thu Feb 14 08:30:47 2008 UTC
#
Line 1164
Fix 2008/02/05
Line 1164
Fix 2008/02/05
1164
Kernel 2.6.24 introduced PID namespace.
Kernel 2.6.24 introduced PID namespace.
1165
To search PID given from userland, the kernel needs to use
To search PID given from userland, the kernel needs to use
1166
find_task_by_vpid() instead of find_task_pid().
find_task_by_vpid() instead of find_task_pid().
1167
1168
Fix 2008/02/14
1169
1170
@ Add execve() parameter checking.
1171
1172
Until now, it was impossible to check argv[] and envp[] parameters
1173
passed to execve().
1174
I expanded conditional permission syntax so that
1175
{ argc, envc, argv[] , envp[] } parameters can be checked if needed.
1176
This will allow administrator permit execution of /bin/sh only when
1177
/bin/sh is invoked in the form of "/bin/sh -c" and environment variable
1178
HOME is set by specifying
1179
1180
allow_execute /bin/sh if exec.argv[1]="-c" exec.envp["HOME"]!=NULL
1181
1182
in the policy.
1183
This extension will make exploit codes difficult to start /bin/sh because
1184
they unlikely set up environment variables and unlikely specify "-c"
1185
option when invoking /bin/sh , whereas proper functions likely set up
1186
environment variables and likely specify "-c" option.
Colored Diff
Long Colored Diff
Full Colored Diff
Unidiff
Context Diff
Side by Side
Legend:
Removed from v.986
changed lines
Added in v.987
Back to OSDN
">
Back to OSDN
ViewVC Help
Powered by
ViewVC 1.1.26