Diff of /trunk/1.6.x/ccs-patch/README.ccs

TOMOYO

 Subversion リポジトリの参照



/[tomoyo]/trunk/1.6.x/ccs-patch/README.ccs




Diff of /trunk/1.6.x/ccs-patch/README.ccs



 Parent Directory

|  Revision Log



|  Patch













trunk/1.5.x/ccs-patch/README.ccs
revision 860 by kumaneko,
Fri Jan  4 04:41:41 2008 UTC



trunk/1.6.x/ccs-patch/README.ccs
revision 924 by kumaneko,
Thu Jan 24 03:18:27 2008 UTC






#

Line 1101 
 Fix 2007/12/18


Line 1101 
 Fix 2007/12/18












1101
       To my surprise, "mount --bind source dest" accepts
       To my surprise, "mount --bind source dest" accepts

















1102
       not only "both source and dest are directory"
       not only "both source and dest are directory"

















1103
       but also "both source and dest are non-directory".
       but also "both source and dest are non-directory".















1104


       I was rejecting if dest is not a derectory in AddMountACL().


       I was rejecting if dest is not a directory in AddMountACL().















1105
 
 

















1106
     @ Change log format.
     @ Change log format.

















1107
 
 











#

Line 1127 
 Fix 2008/01/03


Line 1127 
 Fix 2008/01/03












1127
       common part.
       common part.

















1128
 
 

















1129
       These changes will reduce memory used by policy.
       These changes will reduce memory used by policy.












1130
 
 







1131
 
 Fix 2008/01/15







1132
 
 







1133
 
     @ Add ptrace() hook.







1134
 
 







1135
 
       To prevent attackers from controlling important processes using







1136
 
       ptrace(), I added a hook for ptrace().







1137
 
       Most programs (except strace(1) and gdb(1)) won't use ptrace(2).







1138
 
 







1139
 
     @ Fix sleep condition check in CheckSocketRecvDatagramPermission().







1140
 
 







1141
 
       It seems that correct method to use is in_atomic()







1142
 
       rather than in_interrupt() because in_atomic() returns nonzero







1143
 
       whenever scheduling is not allowed.







1144
 
 







1145
 
 Fix 2008/01/24







1146
 
 







1147
 
     @ Support /proc/ccs/ access by non-root user.







1148
 
 







1149
 
       Until now, only root user can access /proc/ccs/ interface.







1150
 
       But to permit /proc/ccs/ access by non-root user so that







1151
 
       it won't require ssh login by root user when administrating







1152
 
       from remote host, I eased restrictions on this interface.







1153
 
 







1154
 
            (current->uid == 0 && current->euid == 0) ||







1155
 
            (current->uid != 0 && current->uid == inode->i_uid) ||







1156
 
            (current->gid != 0 && current->gid == inode->i_gid)







1157
 
 







1158
 
       The inode's uid and gid are set using chown/chgrp commands.
























Legend:



Removed from v.860
 


changed lines


 
Added in v.924













Back to OSDN">Back to OSDN
ViewVC Help


Powered by ViewVC 1.1.26
 /[tomoyo]/trunk/1.6.x/ccs-patch/README.ccs
-trunk/1.5.x/ccs-patch/README.ccs
revision 860 by kumaneko,
Fri Jan  4 04:41:41 2008 UTC
+trunk/1.6.x/ccs-patch/README.ccs
revision 924 by kumaneko,
Thu Jan 24 03:18:27 2008 UTC
 Line 1101 
 Fix 2007/12/18
        To my surprise, "mount --bind source dest" accepts
        not only "both source and dest are directory"
        but also "both source and dest are non-directory".
-       I was rejecting if dest is not a derectory in AddMountACL().
+       I was rejecting if dest is not a directory in AddMountACL().
      @ Change log format.
 Line 1127 
 Fix 2008/01/03
        common part.
        These changes will reduce memory used by policy.
+ Fix 2008/01/15
+     @ Add ptrace() hook.
+       To prevent attackers from controlling important processes using
+       ptrace(), I added a hook for ptrace().
+       Most programs (except strace(1) and gdb(1)) won't use ptrace(2).
+     @ Fix sleep condition check in CheckSocketRecvDatagramPermission().
+       It seems that correct method to use is in_atomic()
+       rather than in_interrupt() because in_atomic() returns nonzero
+       whenever scheduling is not allowed.
+ Fix 2008/01/24
+     @ Support /proc/ccs/ access by non-root user.
+       Until now, only root user can access /proc/ccs/ interface.
+       But to permit /proc/ccs/ access by non-root user so that
+       it won't require ssh login by root user when administrating
+       from remote host, I eased restrictions on this interface.
+            (current->uid == 0 && current->euid == 0) ||
+            (current->uid != 0 && current->uid == inode->i_uid) ||
+            (current->gid != 0 && current->gid == inode->i_gid)
+       The inode's uid and gid are set using chown/chgrp commands.
 Legend:



Removed from v.860
 


changed lines


 
Added in v.924
 Legend:



Removed from v.860
 


changed lines


 
Added in v.924
-Removed from v.860
+Added in v.924
-Back to OSDN">Back to OSDN
+ViewVC Help
 Powered by ViewVC 1.1.26

オープンソース・ソフトウェアの開発とダウンロード

TOMOYO

Subversion リポジトリの参照