mirror of https://github.com/RGBCube/serenity synced 2025-05-31 19:38:12 +00:00
serenity/Kernel
Liav A d4b65f644e Kernel: Allow opening some device nodes sparingly for jailed processes
From now on, we don't allow jailed processes to open all device nodes in
/dev, but only allow jailed processes to open /dev/full, /dev/zero,
/dev/null, and various TTY and PTY devices (and not including virtual
consoles) so we basically restrict applications to what they can do when
they are in jail.
The motivation for this type of restriction is to ensure that even if a
remote code execution occurred, the damage that can be done is very
small.
We also don't restrict reading and writing on device nodes that were
already opened, because that limit seems not useful, especially in the
case where we do want to provide an OpenFileDescription to such device
but nothing further than that.
2022-12-09 23:09:00 -07:00
API AK+Everywhere: Rename String to DeprecatedString 2022-12-06 08:54:33 +01:00
Arch Kernel/aarch64: Initialize components that are already working 2022-12-08 09:20:27 +00:00
Bus Kernel: Allow opening some device nodes sparingly for jailed processes 2022-12-09 23:09:00 -07:00
Devices Kernel: Allow opening some device nodes sparingly for jailed processes 2022-12-09 23:09:00 -07:00
FileSystem Kernel: Add callback on ".." directory entry for a TmpFS root directory 2022-12-09 22:59:08 -07:00
Firmware Kernel: Move InterruptDisabler out of Arch directory 2022-10-17 20:11:31 +02:00
Graphics Everywhere: Run clang-format 2022-12-03 23:52:23 +00:00
Heap Kernel: Return nullptr instead of PANICking in KmallocSlabHeap 2022-12-07 16:31:16 +00:00
Interrupts Kernel+lsirq: Track per-CPU IRQ handler call counts 2022-11-19 15:39:30 +01:00
Library Everywhere: Remove 'clang-format off' comments that are no longer needed 2022-12-03 23:52:23 +00:00
Locking Everywhere: Run clang-format 2022-12-03 23:52:23 +00:00
Memory Kernel: Add missing VERIFY in MM::allocate_committed_physical_page 2022-12-07 16:31:16 +00:00
Net AK+Kernel: Handle some allocation failures in IPv4Socket and TCPSocket 2022-11-01 14:31:48 +00:00
Prekernel LibC: Use uintptr_t for __stack_chk_guard 2022-11-29 11:04:21 +01:00
Storage Everywhere: Run clang-format 2022-12-03 23:52:23 +00:00
Syscalls Kernel: Add some spec links and comments to sys$posix_fallocate() 2022-11-29 11:09:19 +01:00
Tasks Kernel: Make self-contained locking smart pointers their own classes 2022-08-20 17:20:43 +02:00
Time Kernel: Use AK::Time for InodeMetadata timestamps instead of time_t 2022-11-24 16:56:27 +01:00
TTY Kernel: Allow opening some device nodes sparingly for jailed processes 2022-12-09 23:09:00 -07:00
AddressSanitizer.cpp Everywhere: Run clang-format 2022-04-01 21:24:45 +01:00
AddressSanitizer.h Everywhere: Use bgianf@serenityos.org for my copyright attribution 2021-04-22 21:15:54 +02:00
Assertions.h Kernel: Replace VERIFY_NOT_REACHED with TODO_AARCH64 2022-10-16 17:35:37 +02:00
AtomicEdgeAction.h Kernel: Add per platform Processor.h headers 2021-10-14 01:23:08 +01:00
BootInfo.h Everywhere: Run clang-format 2022-04-01 21:24:45 +01:00
CMakeLists.txt Kernel+SystemServer: Don't hardcode coredump directory path 2022-12-03 05:56:59 -07:00
CommandLine.cpp AK+Everywhere: Turn bool keep_empty to an enum in split* functions 2022-10-24 23:29:18 +01:00
CommandLine.h Kernel/PCI: Don't use x86 initialization methods in non-x86 builds 2022-09-20 18:43:05 +01:00
Coredump.cpp Kernel+SystemServer: Don't hardcode coredump directory path 2022-12-03 05:56:59 -07:00
Coredump.h Kernel+SystemServer: Don't hardcode coredump directory path 2022-12-03 05:56:59 -07:00
Credentials.cpp Kernel: Make VirtualFileSystem functions take credentials as input 2022-08-21 16:02:24 +02:00
Credentials.h Kernel: Make VirtualFileSystem functions take credentials as input 2022-08-21 16:02:24 +02:00
Debug.h.in Kernel: Add support for the FAT32 filesystem 2022-10-14 18:36:40 -06:00
DoubleBuffer.cpp Kernel: Move InterruptDisabler out of Arch directory 2022-10-17 20:11:31 +02:00
DoubleBuffer.h Everywhere: Add sv suffix to strings relying on StringView(char const*) 2022-07-12 23:11:35 +02:00
embedmap.sh Kernel: Make new kernel build process work on macOS 2021-07-15 11:04:30 +02:00
Forward.h Kernel: Split the FATFileSystem.{cpp,h} files into smaller components 2022-11-08 02:54:48 -07:00
FutexQueue.cpp Kernel: Propagate OOM conditions out of sys$futex 2022-07-21 16:39:22 +02:00
FutexQueue.h AK+Kernel: Add AK::AtomicRefCounted and use everywhere in the kernel 2022-08-20 17:15:52 +02:00
generate-version-file.sh Kernel: Bake version information into the Kernel 2022-10-14 13:45:33 +02:00
InterruptDisabler.h Kernel: Move InterruptDisabler out of Arch directory 2022-10-17 20:11:31 +02:00
IOWindow.cpp Everywhere: Run clang-format 2022-12-03 23:52:23 +00:00
IOWindow.h Everywhere: Run clang-format 2022-12-03 23:52:23 +00:00
Jail.cpp Kernel: Add support for jails 2022-11-05 18:00:58 -06:00
Jail.h Kernel: Fix includes when building aarch64 2022-11-18 16:25:33 -08:00
JailManagement.cpp Kernel: Add support for jails 2022-11-05 18:00:58 -06:00
JailManagement.h Kernel: Add support for jails 2022-11-05 18:00:58 -06:00
KBuffer.h Kernel: Annotate all KBuffer and DoubleBuffer with a custom name 2022-07-12 00:55:31 +01:00
KBufferBuilder.cpp Everywhere: Add sv suffix to strings relying on StringView(char const*) 2022-07-12 23:11:35 +02:00
KBufferBuilder.h Kernel: Expose .length() of KBufferBuilder 2022-05-06 02:12:51 +04:30
KLexicalPath.cpp Everywhere: Add sv suffix to strings relying on StringView(char const*) 2022-07-12 23:11:35 +02:00
KLexicalPath.h Everywhere: Pass AK::StringView by value 2021-11-11 01:27:46 +01:00
kprintf.cpp Kernel: Don't blindly compile Bochs debug output code in ConsoleDevice 2022-09-20 18:43:05 +01:00
kstdio.h Kernel: Don't blindly compile Bochs debug output code in ConsoleDevice 2022-09-20 18:43:05 +01:00
KString.cpp Kernel: Add an error propagating KString::format(..) API :^) 2021-11-30 11:16:35 +01:00
KString.h Everywhere: Run clang-format 2022-04-01 21:24:45 +01:00
KSyms.cpp Kernel: Add ability to dump backtrace from provided frame pointer 2022-10-01 14:09:01 +02:00
KSyms.h Kernel: Add ability to dump backtrace from provided frame pointer 2022-10-01 14:09:01 +02:00
MiniStdLib.cpp Everywhere: Run clang-format 2022-04-01 21:24:45 +01:00
mkmap.sh Kernel: Use the toolchain's nm in mkmap.sh 2021-12-30 18:10:51 +01:00
Multiboot.h Kernel: Add basic aarch64 support to MemoryManager 2022-09-12 00:56:44 +01:00
Panic.cpp Kernel: Abstracts x86 reboot and shutdown specific methods 2022-09-20 18:43:05 +01:00
Panic.h Kernel: Implement __panic() for the aarch64 Kernel 2022-05-03 21:53:36 +02:00
PerformanceEventBuffer.cpp Kernel: Don't wrap AddressSpace's RegionTree in SpinlockProtected 2022-08-24 14:57:51 +02:00
PerformanceEventBuffer.h Everywhere: Run clang-format 2022-04-01 21:24:45 +01:00
PerformanceManager.h Everywhere: Fix a variety of typos 2022-09-14 04:46:49 +00:00
PhysicalAddress.h Everywhere: Add sv suffix to strings relying on StringView(char const*) 2022-07-12 23:11:35 +02:00
Process.cpp Kernel+SystemServer: Don't hardcode coredump directory path 2022-12-03 05:56:59 -07:00
Process.h Kernel+LibCore+LibC: Implement support for forcing unveil on exec 2022-11-26 12:42:15 -07:00
ProcessExposed.cpp Kernel: Split the ProcFS core file into smaller components 2022-11-08 02:54:48 -07:00
ProcessExposed.h Kernel: Use AK::Time for InodeMetadata timestamps instead of time_t 2022-11-24 16:56:27 +01:00
ProcessGroup.cpp Kernel: Make self-contained locking smart pointers their own classes 2022-08-20 17:20:43 +02:00
ProcessGroup.h Kernel: Include missing headers for various files 2022-10-26 20:01:45 +02:00
ProcessProcFSTraits.cpp Kernel: Split the ProcFS core file into smaller components 2022-11-08 02:54:48 -07:00
ProcessSpecificExposed.cpp Kernel: Split the ProcFS core file into smaller components 2022-11-08 02:54:48 -07:00
Random.cpp Kernel/aarch64: Stub enough functions to build Random.cpp 2022-10-20 23:26:32 +02:00
Random.h Everywhere: Run clang-format 2022-12-03 23:52:23 +00:00
SanCov.cpp Kernel: Add some implied auto qualifiers 2021-12-30 14:32:17 +01:00
Scheduler.cpp Kernel: Call Processor::are_interrupts_enabled in Scheduler::idle_loop 2022-10-18 13:08:25 +02:00
Scheduler.h Kernel: Move Scheduler current time method to the TimeManagement code 2022-10-14 14:13:51 +02:00
Sections.h Kernel: Make the page table quickmaps per-CPU 2022-08-22 17:56:03 +02:00
StdLib.cpp Everywhere: Run clang-format 2022-12-03 23:52:23 +00:00
StdLib.h Everywhere: Run clang-format 2022-12-03 23:52:23 +00:00
Syscall.cpp Kernel: Don't directly include <Kernel/Arch/x86/TrapFrame.h> 2022-10-16 17:35:37 +02:00
Thread.cpp Kernel: Add support for jails 2022-11-05 18:00:58 -06:00
Thread.h Kernel+LibC: Report correct scheduling priority limits 2022-10-27 11:30:19 +01:00
ThreadBlockers.cpp Kernel: Use InterruptsState in Spinlock code 2022-08-26 12:51:57 +02:00
ThreadTracer.cpp Everywhere: Run clang-format 2022-04-01 21:24:45 +01:00
ThreadTracer.h Everywhere: Run clang-format 2022-04-01 21:24:45 +01:00
TimerQueue.cpp Kernel: Make self-contained locking smart pointers their own classes 2022-08-20 17:20:43 +02:00
TimerQueue.h Kernel: Make self-contained locking smart pointers their own classes 2022-08-20 17:20:43 +02:00
UBSanitizer.cpp Everywhere: Add sv suffix to strings relying on StringView(char const*) 2022-07-12 23:11:35 +02:00
UnixTypes.h Kernel: Add support for SA_SIGINFO 2022-03-04 20:07:05 +01:00
UserOrKernelBuffer.cpp Kernel: Replace KResult and KResultOr<T> with Error and ErrorOr<T> 2021-11-08 01:10:53 +01:00
UserOrKernelBuffer.h Everywhere: Run clang-format 2022-04-01 21:24:45 +01:00
VirtualAddress.h Everywhere: Add sv suffix to strings relying on StringView(char const*) 2022-07-12 23:11:35 +02:00
WaitQueue.cpp Kernel: Don't register thread as custom data for WaitQueueBlocker 2021-08-24 01:57:11 +02:00
WaitQueue.h Everywhere: Run clang-format 2022-04-01 21:24:45 +01:00
WorkQueue.cpp Kernel: Make self-contained locking smart pointers their own classes 2022-08-20 17:20:43 +02:00
WorkQueue.h Kernel: Make self-contained locking smart pointers their own classes 2022-08-20 17:20:43 +02:00