build: Better Build System

1 files changed, 0 insertions, 197 deletions

diff --git a/static/v10/man1/session.1 b/static/v10/man1/session.1
deleted file mode 100644
index cb811180..00000000
--- a/static/v10/man1/session.1
+++ /dev/null
@@ -1,197 +0,0 @@
-.TH SESSION 1
-.CT 1 sa_nonmortals secur
-.SH NAME
-session, drop, runlow \- substitute labels temporarily
-.SH SYNOPSIS
-.B session
-[ 
-.I option ...
-]
-.PP
-.B priv session
-[ 
-.I option ...
-]
-.PP
-.B runlow 
-.I command
-.PP
-.B drop
-[ 
-.B -l
-.I label
-]
-[
-.I command-arg ... 
-]
-.SH DESCRIPTION
-.I Session
-sets a temporary security label for the duration of one command.
-The ceiling is raised sufficiently to cover the requested
-label, up to the authorization recorded for the
-current login name.
-If no
-.I command-args
-are given, the command is taken to be a shell:
-.IR sh (1)
-above the system floor, or
-.IR nosh (8)
-below.
-With
-.I command-args,
-the specified command is run; there is no shell-like path search.
-.PP
-If the current ceiling does not dominate the new ceiling,
-or the the new process label is below the system floor
-and does not dominate the current label
-.I session 
-must be invoked through
-.IR priv (1).
-.LP
-The options are
-.TP
-.BI -l " label
-Set the process label and the label of
-the standard input to the given value, specified as in
-.IR atolab ;
-see
-.IR labtoa (3).
-If the value does not dominate the current process label,
-clear the environment and pass no arguments to the
-invoked command.
-If 
-.I label
-is missing, it is taken to be the system floor.
-.TP
-.BI -C " label
-Set the process ceiling at or above the given value.
-If
-.I label
-is missing, it is taken to be the process label.
-.TP
-.BI -u " user
-The password for
-.I user
-will be demanded.
-The fact that the password has been presented will be recorded
-in the stream identifier (see
-.IR stream (4))
-of the standard input.
-For the duration
-of the session, further queries for that password will succeed
-automatically.
-If
-.I user
-is missing, it is taken to be the current login name.
-.TP
-.B -x
-Replace current session instead of suspending it 
-for the duration of the new session (like
-.B exec
-in
-.IR sh (1)).
-.TP
-.BI -c " command-arg ... 
-Instead of a shell, run the given command with the given arguments.
-This option must come last.
-.PP
-To change labels, the input source must come over
-a trustable channel, in particular neither from an
-untrusted computer nor from a terminal into which
-untrusted code has been downloaded.
-The request may require confirmation to assure that no
-software has tampered with it; answer
-.L y
-for yes.
-Confirmation and password inquiries happen under cover of
-.IR pex (4).
-In a
-.IR mux (9.1)
-window, this gives a visible indication; a missing indication
-is a sign of spoofing.
-.PP
-.I Runlow
-runs a command, starting the label at bottom, somewhat like
-.BR "session -l 0" ,
-but without changing the label of the standard input.
-The executable file is located according to environment variable
-.B $PATH
-as in 
-.IR sh (1).
-The command receives empty argument and environment lists,
-but inherits open file descriptors; only descriptors 0-3
-are allowed.
-The process label will immediately rise to dominate that of
-the executable file.
-.PP
-.I Drop
-sets the process ceiling
-to
-.I label
-(by default to the process label)
-for the running of one
-.I command
-with the given
-.I arguments.
-If no
-.I command
-is given, 
-.F /bin/sh
-is run.
-.LP
-The current process label, process licenses, terminal label, 
-and environment are preserved.
-.SH EXAMPLES
-.TP
-.B priv session -C ffff...
-Change ceiling to the maximum authorized for the current user.
-.TP
-.B priv session -l 0
-.br
-.ns
-.TP
-.B cd /usr/src
-Enter a bottom-label interactive terminal subsession.
-Get out of the black-hole directory that 
-.IR priv (1)
-leaves you in.
-.TP
-.B runlow /bin/sh	# not useful
-An attempt to fool the system into giving a bottom-label 
-interactive shell.
-When the shell reads from standard input,
-its label will revert to that of the current session.
-.TP
-.B drop ls -l *
-.br
-.ns
-.TP
-.B drop pwd
-Prevent the process label from rising to cover the labels of
-files in the directories examined by 
-.I ls
-or
-.I pwd.
-(If the label did rise, the output could not get
-to the terminal.)
-.SH FILES
-.F /dev/log/sessionlog
-.br
-.F /etc/pwfile
-.br
-.F /etc/floor
-.br
-.F /bin/sh
-.br
-.F /etc/nosh
-.SH SEE ALSO
-.IR sh (1),
-.IR getflab (2),
-.IR getplab (2),
-.IR exec (2),
-.IR pwfile (5),
-.IR login (8),
-.IR nosh (8),
-.IR pwserv (8)
-.SH DIAGNOSTICS
-`Sorry', instead of asking for a password: untrusted channel.