#
259065 |
|
07-Dec-2013 |
gjb |
- Copy stable/10 (r259064) to releng/10.0 as part of the 10.0-RELEASE cycle. - Update __FreeBSD_version [1] - Set branch name to -RC1
[1] 10.0-CURRENT __FreeBSD_version value ended at '55', so start releng/10.0 at '100' so the branch is started with a value ending in zero.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
256281 |
|
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
173679 |
|
16-Nov-2007 |
bz |
Remove empty setup and cleanup functions for the pfkey test.
Add regression tests for privileged and supposedly unprivileged IP_IPSEC_POLICY,IPV6_IPSEC_POLICY setsockopt cases.
We may need to review the current 'good' results to make sure they reflect what we really want.
Discussed with: rwatson Reviewed by: rwatson
|
#
173578 |
|
13-Nov-2007 |
bz |
In sys/netipsec/keysock.c rev. 1.19 a missing priv check was added. Before that non-su users were able to open pfkey sockets as well.
Add a regression test so we can detect such problems in an automated way in the future.
|
#
172106 |
|
09-Sep-2007 |
rwatson |
Enhance and expand kernel privilege regression tests in support of work present in FreeBSD 7.0 to refine the kernel privilege model:
- Introduce support for jail as a testing variable, in order to confirm that privileges are properly restricted in the jail environment.
- Restructure overall testing approach so that privilege and jail conditions are set in the testing infrastructure before tests are invoked, and done so in a custom-created process to isolate the impact of tests from each other in a more consistent way.
- Tests now provide setup and cleanup hooks that occur before and after the test runs.
- New privilege tests are now present for several audit privileges, several credential management privileges, dmesg buffer reading privilege, and netinet raw socket creation.
- Other existing tests are restructured and generally improved as a result of better framework structure and jail as a variable. For exampe, we now test that certain sysctls are writable only outside jail, while others are writable within jail. On a similar note, privileges relating to setting UFS file flags are now better exercised, as with the right to chmod and utimes files.
Approved by: re (bmah) Obtained from: TrustedBSD Project
|
#
162271 |
|
13-Sep-2006 |
rwatson |
dd a series of regression tests to validate that privilege requirements are implemented properly for a number of kernel subsystems. In general, they try to exercise the privilege first as the root user, then as a test user, in order to determine when privilege is being checked.
Currently, these tests do not compare inside/outside jail, and probably should be enhanced to do that.
Sponsored by: nCircle Network Security, Inc. Obtained from: TrustedBSD Project
|