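--- a/head/sys/security/mac_portacl/mac_portacl.c
+++ b/head/sys/security/mac_portacl/mac_portacl.c
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 2003-2004 Networks Associates Technology, Inc.
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by Network
  * Associates Laboratories, the Security Research Division of Network
  * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
  * as part of the DARPA CHATS research program.
@@ -23,17 +23,17 @@
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: head/sys/security/mac_portacl/mac_portacl.c 138556 2004-12-08 11:46:44Z rwatson $
+ * $FreeBSD: head/sys/security/mac_portacl/mac_portacl.c 151897 2005-10-31 15:41:29Z rwatson $
  */
 
 /*
  * Developed by the TrustedBSD Project.
  *
  * Administratively limit access to local UDP/TCP ports for binding purposes.
  * Intended to be combined with net.inet.ip.portrange.reservedhigh to allow
  * specific uids and gids to bind specific ports for specific purposes,
@@ -108,17 +108,17 @@
 TUNABLE_INT("security.mac.portacl.autoport_exempt",
  &mac_portacl_autoport_exempt);
 
 static int mac_portacl_port_high = 1023;
 SYSCTL_INT(_security_mac_portacl, OID_AUTO, port_high, CTLFLAG_RW,
  &mac_portacl_port_high, 0, "Highest port to enforce for");
 TUNABLE_INT("security.mac.portacl.port_high", &mac_portacl_port_high);
 
-MALLOC_DEFINE(M_PORTACL, "portacl rule", "Rules for mac_portacl");
+MALLOC_DEFINE(M_PORTACL, "mac_portacl_rule", "Rules for mac_portacl");
 
 #define MAC_RULE_STRING_LEN 1024
 
 #define RULE_GID 1
 #define RULE_UID 2
 #define RULE_PROTO_TCP 1
 #define RULE_PROTO_UDP 2
 struct rule {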