Move policies for KAUTH_PROCESS_{CANSEE,CORENAME,STOPFLAG,FORK} back to the subsystem. Note: Consider killing the signal listener and sticking KAUTH_PROCESS_SIGNAL here as well.diff -r1.152 -r1.153 src/sys/kern/kern_proc.c
(elad)
--- src/sys/kern/kern_proc.c 2009/05/23 18:28:06 1.152
+++ src/sys/kern/kern_proc.c 2009/10/03 03:38:31 1.153
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: kern_proc.c,v 1.152 2009/05/23 18:28:06 ad Exp $ */ | 1 | /* $NetBSD: kern_proc.c,v 1.153 2009/10/03 03:38:31 elad Exp $ */ | |
2 | 2 | |||
3 | /*- | 3 | /*- | |
4 | * Copyright (c) 1999, 2006, 2007, 2008 The NetBSD Foundation, Inc. | 4 | * Copyright (c) 1999, 2006, 2007, 2008 The NetBSD Foundation, Inc. | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * | 6 | * | |
7 | * This code is derived from software contributed to The NetBSD Foundation | 7 | * This code is derived from software contributed to The NetBSD Foundation | |
8 | * by Jason R. Thorpe of the Numerical Aerospace Simulation Facility, | 8 | * by Jason R. Thorpe of the Numerical Aerospace Simulation Facility, | |
9 | * NASA Ames Research Center, and by Andrew Doran. | 9 | * NASA Ames Research Center, and by Andrew Doran. | |
10 | * | 10 | * | |
11 | * Redistribution and use in source and binary forms, with or without | 11 | * Redistribution and use in source and binary forms, with or without | |
12 | * modification, are permitted provided that the following conditions | 12 | * modification, are permitted provided that the following conditions | |
13 | * are met: | 13 | * are met: | |
14 | * 1. Redistributions of source code must retain the above copyright | 14 | * 1. Redistributions of source code must retain the above copyright | |
@@ -52,27 +52,27 @@ | @@ -52,27 +52,27 @@ | |||
52 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | 52 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
53 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 53 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
54 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 54 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
55 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 55 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
56 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 56 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
57 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 57 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
58 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 58 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
59 | * SUCH DAMAGE. | 59 | * SUCH DAMAGE. | |
60 | * | 60 | * | |
61 | * @(#)kern_proc.c 8.7 (Berkeley) 2/14/95 | 61 | * @(#)kern_proc.c 8.7 (Berkeley) 2/14/95 | |
62 | */ | 62 | */ | |
63 | 63 | |||
64 | #include <sys/cdefs.h> | 64 | #include <sys/cdefs.h> | |
65 | __KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.152 2009/05/23 18:28:06 ad Exp $"); | 65 | __KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.153 2009/10/03 03:38:31 elad Exp $"); | |
66 | 66 | |||
67 | #include "opt_kstack.h" | 67 | #include "opt_kstack.h" | |
68 | #include "opt_maxuprc.h" | 68 | #include "opt_maxuprc.h" | |
69 | 69 | |||
70 | #include <sys/param.h> | 70 | #include <sys/param.h> | |
71 | #include <sys/systm.h> | 71 | #include <sys/systm.h> | |
72 | #include <sys/kernel.h> | 72 | #include <sys/kernel.h> | |
73 | #include <sys/proc.h> | 73 | #include <sys/proc.h> | |
74 | #include <sys/resourcevar.h> | 74 | #include <sys/resourcevar.h> | |
75 | #include <sys/buf.h> | 75 | #include <sys/buf.h> | |
76 | #include <sys/acct.h> | 76 | #include <sys/acct.h> | |
77 | #include <sys/wait.h> | 77 | #include <sys/wait.h> | |
78 | #include <sys/file.h> | 78 | #include <sys/file.h> | |
@@ -225,26 +225,100 @@ const struct proclist_desc proclists[] = | @@ -225,26 +225,100 @@ const struct proclist_desc proclists[] = | |||
225 | { &allproc }, | 225 | { &allproc }, | |
226 | { &zombproc }, | 226 | { &zombproc }, | |
227 | { NULL }, | 227 | { NULL }, | |
228 | }; | 228 | }; | |
229 | 229 | |||
230 | static struct pgrp * pg_remove(pid_t); | 230 | static struct pgrp * pg_remove(pid_t); | |
231 | static void pg_delete(pid_t); | 231 | static void pg_delete(pid_t); | |
232 | static void orphanpg(struct pgrp *); | 232 | static void orphanpg(struct pgrp *); | |
233 | 233 | |||
234 | static specificdata_domain_t proc_specificdata_domain; | 234 | static specificdata_domain_t proc_specificdata_domain; | |
235 | 235 | |||
236 | static pool_cache_t proc_cache; | 236 | static pool_cache_t proc_cache; | |
237 | 237 | |||
238 | static kauth_listener_t proc_listener; | |||
239 | ||||
240 | static int | |||
241 | proc_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie, | |||
242 | void *arg0, void *arg1, void *arg2, void *arg3) | |||
243 | { | |||
244 | struct proc *p; | |||
245 | int result; | |||
246 | ||||
247 | result = KAUTH_RESULT_DEFER; | |||
248 | p = arg0; | |||
249 | ||||
250 | switch (action) { | |||
251 | case KAUTH_PROCESS_CANSEE: { | |||
252 | enum kauth_process_req req; | |||
253 | ||||
254 | req = (enum kauth_process_req)arg1; | |||
255 | ||||
256 | switch (req) { | |||
257 | case KAUTH_REQ_PROCESS_CANSEE_ARGS: | |||
258 | case KAUTH_REQ_PROCESS_CANSEE_ENTRY: | |||
259 | case KAUTH_REQ_PROCESS_CANSEE_OPENFILES: | |||
260 | result = KAUTH_RESULT_ALLOW; | |||
261 | ||||
262 | break; | |||
263 | ||||
264 | case KAUTH_REQ_PROCESS_CANSEE_ENV: | |||
265 | if (kauth_cred_getuid(cred) != | |||
266 | kauth_cred_getuid(p->p_cred) || | |||
267 | kauth_cred_getuid(cred) != | |||
268 | kauth_cred_getsvuid(p->p_cred)) | |||
269 | break; | |||
270 | ||||
271 | result = KAUTH_RESULT_ALLOW; | |||
272 | ||||
273 | break; | |||
274 | ||||
275 | default: | |||
276 | break; | |||
277 | } | |||
278 | ||||
279 | break; | |||
280 | } | |||
281 | ||||
282 | case KAUTH_PROCESS_FORK: { | |||
283 | int lnprocs = (int)(unsigned long)arg2; | |||
284 | ||||
285 | /* | |||
286 | * Don't allow a nonprivileged user to use the last few | |||
287 | * processes. The variable lnprocs is the current number of | |||
288 | * processes, maxproc is the limit. | |||
289 | */ | |||
290 | if (__predict_false((lnprocs >= maxproc - 5))) | |||
291 | break; | |||
292 | ||||
293 | result = KAUTH_RESULT_ALLOW; | |||
294 | ||||
295 | break; | |||
296 | } | |||
297 | ||||
298 | case KAUTH_PROCESS_CORENAME: | |||
299 | case KAUTH_PROCESS_STOPFLAG: | |||
300 | if (proc_uidmatch(cred, p->p_cred) == 0) | |||
301 | result = KAUTH_RESULT_ALLOW; | |||
302 | ||||
303 | break; | |||
304 | ||||
305 | default: | |||
306 | break; | |||
307 | } | |||
308 | ||||
309 | return result; | |||
310 | } | |||
311 | ||||
238 | /* | 312 | /* | |
239 | * Initialize global process hashing structures. | 313 | * Initialize global process hashing structures. | |
240 | */ | 314 | */ | |
241 | void | 315 | void | |
242 | procinit(void) | 316 | procinit(void) | |
243 | { | 317 | { | |
244 | const struct proclist_desc *pd; | 318 | const struct proclist_desc *pd; | |
245 | u_int i; | 319 | u_int i; | |
246 | #define LINK_EMPTY ((PID_MAX + INITIAL_PID_TABLE_SIZE) & ~(INITIAL_PID_TABLE_SIZE - 1)) | 320 | #define LINK_EMPTY ((PID_MAX + INITIAL_PID_TABLE_SIZE) & ~(INITIAL_PID_TABLE_SIZE - 1)) | |
247 | 321 | |||
248 | for (pd = proclists; pd->pd_list != NULL; pd++) | 322 | for (pd = proclists; pd->pd_list != NULL; pd++) | |
249 | LIST_INIT(pd->pd_list); | 323 | LIST_INIT(pd->pd_list); | |
250 | 324 | |||
@@ -262,26 +336,29 @@ procinit(void) | @@ -262,26 +336,29 @@ procinit(void) | |||
262 | next_free_pt = 1; | 336 | next_free_pt = 1; | |
263 | /* Need to fix last entry. */ | 337 | /* Need to fix last entry. */ | |
264 | last_free_pt = pid_tbl_mask; | 338 | last_free_pt = pid_tbl_mask; | |
265 | pid_table[last_free_pt].pt_proc = P_FREE(LINK_EMPTY); | 339 | pid_table[last_free_pt].pt_proc = P_FREE(LINK_EMPTY); | |
266 | /* point at which we grow table - to avoid reusing pids too often */ | 340 | /* point at which we grow table - to avoid reusing pids too often */ | |
267 | pid_alloc_lim = pid_tbl_mask - 1; | 341 | pid_alloc_lim = pid_tbl_mask - 1; | |
268 | #undef LINK_EMPTY | 342 | #undef LINK_EMPTY | |
269 | 343 | |||
270 | proc_specificdata_domain = specificdata_domain_create(); | 344 | proc_specificdata_domain = specificdata_domain_create(); | |
271 | KASSERT(proc_specificdata_domain != NULL); | 345 | KASSERT(proc_specificdata_domain != NULL); | |
272 | 346 | |||
273 | proc_cache = pool_cache_init(sizeof(struct proc), 0, 0, 0, | 347 | proc_cache = pool_cache_init(sizeof(struct proc), 0, 0, 0, | |
274 | "procpl", NULL, IPL_NONE, NULL, NULL, NULL); | 348 | "procpl", NULL, IPL_NONE, NULL, NULL, NULL); | |
349 | ||||
350 | proc_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS, | |||
351 | proc_listener_cb, NULL); | |||
275 | } | 352 | } | |
276 | 353 | |||
277 | /* | 354 | /* | |
278 | * Initialize process 0. | 355 | * Initialize process 0. | |
279 | */ | 356 | */ | |
280 | void | 357 | void | |
281 | proc0_init(void) | 358 | proc0_init(void) | |
282 | { | 359 | { | |
283 | struct proc *p; | 360 | struct proc *p; | |
284 | struct pgrp *pg; | 361 | struct pgrp *pg; | |
285 | struct session *sess; | 362 | struct session *sess; | |
286 | struct lwp *l; | 363 | struct lwp *l; | |
287 | rlim_t lim; | 364 | rlim_t lim; |
--- src/sys/secmodel/suser/secmodel_suser.c 2009/10/03 03:02:55 1.24
+++ src/sys/secmodel/suser/secmodel_suser.c 2009/10/03 03:38:31 1.25
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: secmodel_suser.c,v 1.24 2009/10/03 03:02:55 elad Exp $ */ | 1 | /* $NetBSD: secmodel_suser.c,v 1.25 2009/10/03 03:38:31 elad Exp $ */ | |
2 | /*- | 2 | /*- | |
3 | * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> | 3 | * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> | |
4 | * All rights reserved. | 4 | * All rights reserved. | |
5 | * | 5 | * | |
6 | * Redistribution and use in source and binary forms, with or without | 6 | * Redistribution and use in source and binary forms, with or without | |
7 | * modification, are permitted provided that the following conditions | 7 | * modification, are permitted provided that the following conditions | |
8 | * are met: | 8 | * are met: | |
9 | * 1. Redistributions of source code must retain the above copyright | 9 | * 1. Redistributions of source code must retain the above copyright | |
10 | * notice, this list of conditions and the following disclaimer. | 10 | * notice, this list of conditions and the following disclaimer. | |
11 | * 2. Redistributions in binary form must reproduce the above copyright | 11 | * 2. Redistributions in binary form must reproduce the above copyright | |
12 | * notice, this list of conditions and the following disclaimer in the | 12 | * notice, this list of conditions and the following disclaimer in the | |
13 | * documentation and/or other materials provided with the distribution. | 13 | * documentation and/or other materials provided with the distribution. | |
14 | * 3. The name of the author may not be used to endorse or promote products | 14 | * 3. The name of the author may not be used to endorse or promote products | |
@@ -28,27 +28,27 @@ | @@ -28,27 +28,27 @@ | |||
28 | 28 | |||
29 | /* | 29 | /* | |
30 | * This file contains kauth(9) listeners needed to implement the traditional | 30 | * This file contains kauth(9) listeners needed to implement the traditional | |
31 | * NetBSD superuser access restrictions. | 31 | * NetBSD superuser access restrictions. | |
32 | * | 32 | * | |
33 | * There are two main resources a request can be issued to: user-owned and | 33 | * There are two main resources a request can be issued to: user-owned and | |
34 | * system owned. For the first, traditional Unix access checks are done, as | 34 | * system owned. For the first, traditional Unix access checks are done, as | |
35 | * well as superuser checks. If needed, the request context is examined before | 35 | * well as superuser checks. If needed, the request context is examined before | |
36 | * a decision is made. For the latter, usually only superuser checks are done | 36 | * a decision is made. For the latter, usually only superuser checks are done | |
37 | * as normal users are not allowed to access system resources. | 37 | * as normal users are not allowed to access system resources. | |
38 | */ | 38 | */ | |
39 | 39 | |||
40 | #include <sys/cdefs.h> | 40 | #include <sys/cdefs.h> | |
41 | __KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.24 2009/10/03 03:02:55 elad Exp $"); | 41 | __KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.25 2009/10/03 03:38:31 elad Exp $"); | |
42 | 42 | |||
43 | #include <sys/types.h> | 43 | #include <sys/types.h> | |
44 | #include <sys/param.h> | 44 | #include <sys/param.h> | |
45 | #include <sys/kauth.h> | 45 | #include <sys/kauth.h> | |
46 | 46 | |||
47 | #include <sys/mutex.h> | 47 | #include <sys/mutex.h> | |
48 | #include <sys/mount.h> | 48 | #include <sys/mount.h> | |
49 | #include <sys/socketvar.h> | 49 | #include <sys/socketvar.h> | |
50 | #include <sys/sysctl.h> | 50 | #include <sys/sysctl.h> | |
51 | #include <sys/vnode.h> | 51 | #include <sys/vnode.h> | |
52 | #include <sys/proc.h> | 52 | #include <sys/proc.h> | |
53 | #include <sys/uidinfo.h> | 53 | #include <sys/uidinfo.h> | |
54 | #include <sys/module.h> | 54 | #include <sys/module.h> | |
@@ -486,114 +486,88 @@ secmodel_suser_process_cb(kauth_cred_t c | @@ -486,114 +486,88 @@ secmodel_suser_process_cb(kauth_cred_t c | |||
486 | p = arg0; | 486 | p = arg0; | |
487 | 487 | |||
488 | switch (action) { | 488 | switch (action) { | |
489 | case KAUTH_PROCESS_SIGNAL: | 489 | case KAUTH_PROCESS_SIGNAL: | |
490 | case KAUTH_PROCESS_KTRACE: | 490 | case KAUTH_PROCESS_KTRACE: | |
491 | case KAUTH_PROCESS_PROCFS: | 491 | case KAUTH_PROCESS_PROCFS: | |
492 | case KAUTH_PROCESS_PTRACE: | 492 | case KAUTH_PROCESS_PTRACE: | |
493 | case KAUTH_PROCESS_SCHEDULER_GETPARAM: | 493 | case KAUTH_PROCESS_SCHEDULER_GETPARAM: | |
494 | case KAUTH_PROCESS_SCHEDULER_SETPARAM: | 494 | case KAUTH_PROCESS_SCHEDULER_SETPARAM: | |
495 | case KAUTH_PROCESS_SCHEDULER_SETAFFINITY: | 495 | case KAUTH_PROCESS_SCHEDULER_SETAFFINITY: | |
496 | case KAUTH_PROCESS_SETID: | 496 | case KAUTH_PROCESS_SETID: | |
497 | case KAUTH_PROCESS_KEVENT_FILTER: | 497 | case KAUTH_PROCESS_KEVENT_FILTER: | |
498 | case KAUTH_PROCESS_NICE: | 498 | case KAUTH_PROCESS_NICE: | |
499 | case KAUTH_PROCESS_FORK: | |||
500 | case KAUTH_PROCESS_CORENAME: | |||
501 | case KAUTH_PROCESS_STOPFLAG: | |||
499 | if (isroot) | 502 | if (isroot) | |
500 | result = KAUTH_RESULT_ALLOW; | 503 | result = KAUTH_RESULT_ALLOW; | |
501 | 504 | |||
502 | break; | 505 | break; | |
503 | 506 | |||
504 | case KAUTH_PROCESS_CANSEE: { | 507 | case KAUTH_PROCESS_CANSEE: { | |
505 | unsigned long req; | 508 | unsigned long req; | |
506 | 509 | |||
507 | req = (unsigned long)arg1; | 510 | req = (unsigned long)arg1; | |
508 | 511 | |||
509 | switch (req) { | 512 | switch (req) { | |
510 | case KAUTH_REQ_PROCESS_CANSEE_ARGS: | 513 | case KAUTH_REQ_PROCESS_CANSEE_ARGS: | |
511 | case KAUTH_REQ_PROCESS_CANSEE_ENTRY: | 514 | case KAUTH_REQ_PROCESS_CANSEE_ENTRY: | |
512 | case KAUTH_REQ_PROCESS_CANSEE_OPENFILES: | 515 | case KAUTH_REQ_PROCESS_CANSEE_OPENFILES: | |
513 | if (!secmodel_suser_curtain) | 516 | if (isroot) { | |
514 | result = KAUTH_RESULT_ALLOW; | |||
515 | else if (isroot || kauth_cred_uidmatch(cred, p->p_cred)) | |||
516 | result = KAUTH_RESULT_ALLOW; | 517 | result = KAUTH_RESULT_ALLOW; | |
518 | break; | |||
519 | } | |||
520 | ||||
521 | if (secmodel_suser_curtain) { | |||
522 | if (kauth_cred_uidmatch(cred, p->p_cred) != 0) | |||
523 | result = KAUTH_RESULT_DENY; | |||
524 | } | |||
525 | ||||
517 | break; | 526 | break; | |
518 | 527 | |||
519 | case KAUTH_REQ_PROCESS_CANSEE_ENV: | 528 | case KAUTH_REQ_PROCESS_CANSEE_ENV: | |
520 | if (!isroot && | 529 | if (isroot) | |
521 | (kauth_cred_getuid(cred) != | |||
522 | kauth_cred_getuid(p->p_cred) || | |||
523 | kauth_cred_getuid(cred) != | |||
524 | kauth_cred_getsvuid(p->p_cred))) | |||
525 | break; | |||
526 | else | |||
527 | result = KAUTH_RESULT_ALLOW; | 530 | result = KAUTH_RESULT_ALLOW; | |
528 | 531 | |||
529 | break; | 532 | break; | |
530 | 533 | |||
531 | default: | 534 | default: | |
532 | break; | 535 | break; | |
533 | } | 536 | } | |
534 | 537 | |||
535 | break; | 538 | break; | |
536 | } | 539 | } | |
537 | 540 | |||
538 | case KAUTH_PROCESS_CORENAME: | |||
539 | if (isroot || proc_uidmatch(cred, p->p_cred) == 0) | |||
540 | result = KAUTH_RESULT_ALLOW; | |||
541 | ||||
542 | break; | |||
543 | ||||
544 | case KAUTH_PROCESS_FORK: { | |||
545 | int lnprocs = (int)(unsigned long)arg2; | |||
546 | ||||
547 | /* | |||
548 | * Don't allow a nonprivileged user to use the last few | |||
549 | * processes. The variable lnprocs is the current number of | |||
550 | * processes, maxproc is the limit. | |||
551 | */ | |||
552 | if (__predict_false((lnprocs >= maxproc - 5) && !isroot)) | |||
553 | break; | |||
554 | else | |||
555 | result = KAUTH_RESULT_ALLOW; | |||
556 | ||||
557 | break; | |||
558 | } | |||
559 | ||||
560 | case KAUTH_PROCESS_RLIMIT: { | 541 | case KAUTH_PROCESS_RLIMIT: { | |
561 | enum kauth_process_req req; | 542 | enum kauth_process_req req; | |
562 | 543 | |||
563 | req = (enum kauth_process_req)(unsigned long)arg1; | 544 | req = (enum kauth_process_req)(unsigned long)arg1; | |
564 | 545 | |||
565 | switch (req) { | 546 | switch (req) { | |
566 | case KAUTH_REQ_PROCESS_RLIMIT_SET: | 547 | case KAUTH_REQ_PROCESS_RLIMIT_SET: | |
567 | case KAUTH_REQ_PROCESS_RLIMIT_GET: | 548 | case KAUTH_REQ_PROCESS_RLIMIT_GET: | |
568 | if (isroot) | 549 | if (isroot) | |
569 | result = KAUTH_RESULT_ALLOW; | 550 | result = KAUTH_RESULT_ALLOW; | |
570 | 551 | |||
571 | break; | 552 | break; | |
572 | 553 | |||
573 | default: | 554 | default: | |
574 | break; | 555 | break; | |
575 | } | 556 | } | |
576 | 557 | |||
577 | break; | 558 | break; | |
578 | } | 559 | } | |
579 | 560 | |||
580 | case KAUTH_PROCESS_STOPFLAG: | |||
581 | if (isroot || proc_uidmatch(cred, p->p_cred) == 0) { | |||
582 | result = KAUTH_RESULT_ALLOW; | |||
583 | break; | |||
584 | } | |||
585 | break; | |||
586 | ||||
587 | default: | 561 | default: | |
588 | break; | 562 | break; | |
589 | } | 563 | } | |
590 | 564 | |||
591 | return (result); | 565 | return (result); | |
592 | } | 566 | } | |
593 | 567 | |||
594 | /* | 568 | /* | |
595 | * kauth(9) listener | 569 | * kauth(9) listener | |
596 | * | 570 | * | |
597 | * Security model: Traditional NetBSD | 571 | * Security model: Traditional NetBSD | |
598 | * Scope: Network | 572 | * Scope: Network | |
599 | * Responsibility: Superuser access | 573 | * Responsibility: Superuser access |