1. 03 Sep, 2021 1 commit
  2. 27 Jun, 2021 4 commits
  3. 05 Jun, 2021 1 commit
  4. 05 May, 2021 1 commit
    • Bring in rename protection · a4049349
      Shawn Webb authored
      This is a modified version of the rename protection patches from Airbus.
      While importing and testing their patches, I discovered there were a few
      more places that needed the same fix applied for issue #1.

      Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
      Submitted-by:	Airbus CyberSecurity SAS
  5. 04 May, 2021 1 commit
    • Resolve kernel crash · 3622ed16
      Shawn Webb authored

      We need to force setting NAMEI_DBG_INITED because, being out-of-tree,
      we're not able to check whether INVARIANTS is enabled. When
      INVARIANTS is enabled, the namei function performs a KASSERT on the
      debug flags being set.
      
      Ideally, this would be set by calling the NDBINIT_DBG macro, but that's
      gated by INVARIANTS.
      Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
      Reported-by:	@loic
      issue:		#1
  6. 30 Apr, 2021 2 commits
  7. 09 Apr, 2021 1 commit
    • Fix SMAP violation · 730801e0
      Shawn Webb authored

      Under the right conditions, secadm may cause a kernel panic due to an
      SMAP violation:
      
      1. kldload secadm
      2. secadm add integriforce
      3. secadm show
      4. secadm flush
      5. secadm add integriforce
      6. secadm show <- panic here
      Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
      Reported-by:	Airbus CyberSecurity SAS
      Submitted-by:	Airbus CyberSecurity SAS
  8. 21 Nov, 2020 2 commits
  9. 04 Jan, 2020 1 commit
  10. 03 Dec, 2018 1 commit
  11. 02 Oct, 2017 2 commits
  12. 14 Sep, 2017 2 commits
  13. 05 Sep, 2017 1 commit
  14. 30 Aug, 2017 1 commit
  15. 20 Jul, 2017 1 commit
  16. 09 Jul, 2017 1 commit
  17. 01 Dec, 2016 1 commit
  18. 14 Nov, 2016 1 commit
  19. 04 Nov, 2016 1 commit
  20. 21 Sep, 2016 4 commits
  21. 23 Aug, 2016 1 commit
  22. 11 Jun, 2016 1 commit
  23. 09 Jun, 2016 2 commits
  24. 11 Apr, 2016 2 commits
  25. 04 Apr, 2016 1 commit
    • Invert logic · 4987d9a4
      Johannes Meixner authored
      - add WITHOUT_KMOD variable for ports/hardenedbsd/secadm
      - add WITHOUT_CLI variable for ports/hardenedbsd/secadm-kmod
  26. 26 Mar, 2016 2 commits
  27. 07 Mar, 2016 1 commit
    • Allow conditional deletion and modification of files. · 9291b24e
      Shawn Webb authored

      While here, remove code that shouldn't have been. Only rules that are
      protected by Integriforce should prevent modification. Files with PaX
      rules can still be modified.
      
      Only allow deletion of Integriforce-protected files or files with PaX
      rules if the rule pertaining to that file is disabled. Under no
      circumstance, allow deletion of files under Integriforce in whitelist
      mode.
      Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
      github-issue:	#10