minix/etc/mtree/NetBSD.dist.base

206 lines
3.9 KiB
Text
Raw Normal View History

# $NetBSD: NetBSD.dist.base,v 1.103 2012/06/21 04:30:04 pgoyette Exp $
# @(#)4.4BSD.dist 8.1 (Berkeley) 6/13/93
# Do not customize this file as it may be overwritten on upgrades.
# Put your custom specifications in /etc/mtree/special.local.
# See security.conf(5) for details.
#
# LSC This file has been adapted for MINIX
#
# Standard directories
/set type=dir uid=0 gid=0 mode=0755
.
./bin
./boot
./boot/minix
./boot/minix_default
./dev
Add PTYFS, Unix98 pseudo terminal support This patch adds support for Unix98 pseudo terminals, that is, posix_openpt(3), grantpt(3), unlockpt(3), /dev/ptmx, and /dev/pts/. The latter is implemented with a new pseudo file system, PTYFS. In effect, this patch adds secure support for unprivileged pseudo terminal allocation, allowing programs such as tmux(1) to be used by non-root users as well. Test77 has been extended with new tests, and no longer needs to run as root. The new functionality is optional. To revert to the old behavior, remove the "ptyfs" entry from /etc/fstab. Technical nodes: o The reason for not implementing the NetBSD /dev/ptm approach is that implementing the corresponding ioctl (TIOCPTMGET) would require adding a number of extremely hairy exceptions to VFS, including the PTY driver having to create new file descriptors for its own device nodes. o PTYFS is required for Unix98 PTYs in order to avoid that the PTY driver has to be aware of old-style PTY naming schemes and even has to call chmod(2) on a disk-backed file system. PTY cannot be its own PTYFS since a character driver may currently not also be a file system. However, PTYFS may be subsumed into a DEVFS in the future. o The Unix98 PTY behavior differs somewhat from NetBSD's, in that slave nodes are created on ptyfs only upon the first call to grantpt(3). This approach obviates the need to revoke access as part of the grantpt(3) call. o Shutting down PTY may leave slave nodes on PTYFS, but once PTY is restarted, these leftover slave nodes will be removed before they create a security risk. Unmounting PTYFS will make existing PTY slaves permanently unavailable, and absence of PTYFS will block allocation of new Unix98 PTYs until PTYFS is (re)mounted. Change-Id: I822b43ba32707c8815fd0f7d5bb7a438f51421c1
2015-06-22 19:14:34 +02:00
./dev/pts
./etc
./etc/X11
./etc/X11/fs
./etc/X11/lbxproxy
./etc/X11/proxymngr
./etc/X11/rstart
./etc/X11/rstart/commands
./etc/X11/rstart/commands/x11r6
./etc/X11/rstart/contexts
./etc/X11/twm
./etc/X11/xdm
./etc/X11/xinit
./etc/X11/xserver
./etc/X11/xsm
./etc/defaults
./etc/devmand
./etc/devmand/scripts
./etc/fonts
./etc/fonts/conf.avail
./etc/fonts/conf.d
./etc/mtree
./etc/skel
./etc/system.conf.d
./home
./lib
./mnt
./proc
./root
./sbin
./service
./sys
./usr
./usr/adm
./usr/adm/old
./usr/bin
./usr/etc
./usr/games
./usr/games/hide gname=games mode=0750
./usr/include
./usr/include/arpa
./usr/include/clang-3.4
./usr/include/compat
./usr/include/compat/machine
./usr/include/ddekit
./usr/include/ddekit/minix
./usr/include/dev
./usr/include/dev/pci
./usr/include/event2
./usr/include/fs
./usr/include/g++
./usr/include/i386
./usr/include/lutok
./usr/include/lzma
./usr/include/isofs
./usr/include/isofs/cd9660
./usr/include/minix
./usr/include/msdosfs
./usr/include/net
./usr/include/net/gen
./usr/include/netpgp
./usr/include/openssl
./usr/include/ppath
./usr/include/prop
./usr/include/protocols
./usr/include/readline
./usr/include/rpcsvc
./usr/include/ssp
./usr/include/sys
./usr/include/ufs
./usr/include/ufs/chfs
./usr/include/ufs/ext2fs
./usr/include/ufs/ffs
./usr/include/ufs/lfs
./usr/include/ufs/mfs
./usr/include/ufs/ufs
./usr/lib
./usr/lib/bc
./usr/lib/cawf
./usr/lib/dict
./usr/lib/flex
./usr/lib/fonts
./usr/lib/keymaps
./usr/lib/lua
./usr/lib/lua/5.1
./usr/lib/pkgconfig
./usr/libexec
./usr/log
./usr/man
./usr/man/man1
./usr/man/man2
./usr/man/man3
./usr/man/man4
./usr/man/man5
./usr/man/man6
./usr/man/man7
./usr/man/man8
./usr/man/man9
./usr/mdec
./usr/pkg
./usr/pkg/etc
./usr/pkg/etc/rc.d
./usr/preserve
./usr/run
./usr/sbin
Basic live rerandomization infrastructure This commits adds a basic infrastructure to support Address Space Randomization (ASR). In a nutshell, using the already imported ASR LLVM pass, multiple versions can be generated for the same system service, each with a randomized, different address space layout. Combined with the magic instrumentation for state transfer, a system service can be live updated into another ASR-randomized version at runtime, thus providing live rerandomization. Since MINIX3 is not yet capable of running LLVM linker passes, the ASR-randomized service binaries have to be pregenerated during crosscompilation. These pregenerated binaries can then be cycled through at runtime. This patch provides the basic proof-of-concept infrastructure for both these parts. In order to support pregeneration, the clientctl host script has been extended with a "buildasr" command. It is to be used after building the entire system with bitcode and magic support, and will produce a given number of ASR-randomized versions of all system services. These services are placed in /usr/service/asr in the image that is generated as final step by the "buildasr" command. In order to support runtime updating, a new update_asr(8) command has been added to MINIX3. This command attempts to live-update the running system services into their next ASR-randomized versions. For now, this command is not run automatically, and thus must be invoked manually. Technical notes: - For various reasons, magic instrumentation is x86-only for now, and ASR functionality is therefore to be used on x86 only as well. - The ASR-randomized binaries are placed in numbered subdirectories so as not to have to change their actual program names, which are assumed to be static in various places (system.conf, procfs). - The root partition is typically too small to contain all the produced binaries, which is why we introduce /usr/service. There is a symlink from /service/asr to /usr/service/asr for no other reason than to let userland continue to assume that all services are reachable through /service. - The ASR count field (r_asr_count/ASRcount) maintained by RS is not used within RS in any way; it is only passed through procfs to userland in order to allow update_asr(8) to keep track of which version is currently loaded without having to maintain own state. - Ideally, pre-instrumentation linking of a service would remove all its randomized versions. Currently, the user is assumed not to perform ASR instrumentation and then recompile system services without performing ASR instrumentation again, as the randomized binaries included in the image would then be stale. This aspect has to be improved later. - Various other issues are flagged in the comments of the various parts of this patch. Change-Id: I093ad57f31c18305591f64b2d491272288aa0937
2015-09-06 08:06:24 +02:00
./usr/service
./usr/service/asr
./usr/share
./usr/share/calendar
./usr/share/doc
./usr/share/doc/html
./usr/share/doc/html/bzip2
./usr/share/doc/psd
./usr/share/doc/psd/19.curses
./usr/share/doc/usd
./usr/share/doc/usd/03.shell
./usr/share/doc/usd/04.csh
./usr/share/doc/usd/30.rogue
./usr/share/examples
./usr/share/examples/libsaslc
./usr/share/examples/libsaslc/mech
./usr/share/examples/openssl
./usr/share/examples/tmux
./usr/share/info
./usr/share/games
./usr/share/games/fortune
./usr/share/misc
./usr/share/legal
./usr/share/mk
./usr/share/nvi
./usr/share/nvi/catalog
./usr/share/terminfo
./usr/share/zoneinfo
./usr/share/zoneinfo/Africa
./usr/share/zoneinfo/America
./usr/share/zoneinfo/America/Argentina
./usr/share/zoneinfo/America/Indiana
./usr/share/zoneinfo/America/Kentucky
./usr/share/zoneinfo/America/North_Dakota
./usr/share/zoneinfo/Antarctica
./usr/share/zoneinfo/Arctic
./usr/share/zoneinfo/Asia
./usr/share/zoneinfo/Atlantic
./usr/share/zoneinfo/Australia
./usr/share/zoneinfo/Brazil
./usr/share/zoneinfo/Canada
./usr/share/zoneinfo/Chile
./usr/share/zoneinfo/Etc
./usr/share/zoneinfo/Europe
./usr/share/zoneinfo/Indian
./usr/share/zoneinfo/Mexico
./usr/share/zoneinfo/Mideast
./usr/share/zoneinfo/Pacific
./usr/share/zoneinfo/US
./usr/spool
./usr/spool/at
./usr/spool/at/past
./usr/spool/crontabs
./usr/spool/locks
./usr/spool/lpd
./usr/src
./usr/tests
./usr/var
./usr/var/db
./usr/var/db/pkg
./usr/var/run
./var
./var/db
./var/db/obsolete
./var/games uname=games gname=games mode=0775
./var/mail
./var/run
# Directories with special access rights
/set type=dir uid=0 gid=0 mode=1777
./tmp
./usr/tmp
/set type=dir uid=2 gid=0 mode=755
./usr/tests/minix-posix
./usr/tests/minix-posix/blocktest
./usr/tests/minix-posix/ddekit
# this one is for term(1)
/set type=dir uid=0 gid=5 mode=775
./usr/spool/locks