--- trunk/ccs-patch/README.ccs 2007/02/28 11:45:08 111 +++ trunk/ccs-patch/README.ccs 2007/06/03 11:59:44 258 
@@ -838,3 +838,93 @@ address_group localnet 192.168.0.0-192.168.255.255 in the exception policy. + +Fix 2007/03/03 + + @ Remove obsolete functions. + + @ Add some hooks. + + Read permission check is done if open_exec() + is called from search_binary_handler(). + Read permission check is not done if open_exec() + is called from do_execve(), instead, + execute permission check is done at + search_binary_handler_with_transition(). + + I moved the location of calling CheckCapabilityACL() + and CheckMountPermission() from sys_mount() to do_mount(). + +Fix 2007/03/07 + + @ Use 'unsigned int' for sscanf(). + + I compiled SYAORAN fs on x86_64 environment and found + the compiler showing warning messages about size of data types. + Since size of data types may mismatch for sscanf(), + I replaced some types with 'unsigned int'. + +Version 1.4 2007/04/01 x86_64 support release. + +Fix 2007/04/18 + + @ Change argv[0] checking rule. + + I was comparing the basename of symbolic link's pathname and argv[0]. + Since execute permission check and domain transition are done + based on realpath while argv[0] check is done based on the symlink's + pathname and argv[0], this specification will allow attackers behave + as /bin/cat in the domain of /bin/ls if "/bin/ls and /bin/cat are + links to /sbin/busybox" and "the attacker is permitted to create + a symlink named ~/cat that points to /bin/ls" and "the attacker is + permitted to run /bin/ls". + So, I changed to compare the basename of realpath and argv[0]. + Also, I moved the location to compare before processing + "aggregator" directive so that + "aggregator /tmp/logrotate.\?\?\?\?\?\? /tmp/logrotate.tmp" + won't cause the mismatch of the basename of realpath and argv[0]. 
+ + If /bin/ls is a symlink to /sbin/busybox, then + creating a symlink named ~/cat that points to /bin/ls and + executing ~/cat won't work as expected because permission check and + domain transition are done using /sbin/busybox (realpath of /bin/ls) + and will be rejected since the administrator won't grant + "1 /sbin/busybox". + +Fix 2007/05/07 + + @ Support pathname subtraction. + + There was no way to exclude specific pathnames when granting + permissions using wildcards. + There would be a need to exclude specific files and directories. + I introduced "\-" as subtraction operator. + + "A\-B" means "A" other than "B". + "A\-B\-C" means "A" other than "B" and "C". + "A\-B\-C\-D" means "A" other than "B" and "C" and "D". + + "A", "B", "C", "D" may contain wildcards. + + An example usage is "/home/\*/\*\-.ssh/\*", which means + "/home/\*/\*/\*" other than "/home/\*/.ssh/\*". + + "A" should contain wildcards because subtraction from constants + (e.g. "/usr\-usr/" or "/usr\-home/") is meaningless. + + Don't try "A\-B\+C" because "\+" is not addition operator. + +Fix 2007/05/24 + + @ Fix autobind hook. + + The location to call SAKURA_MayAutobind() in net/ipv4/udp.c + and net/ipv6/udp.c were wrong. + +Fix 2007/06/03 + + @ Add a space in MakeMountOptions(). + + I forgot to add a space after "atime" and "noatime". + +Version 1.4.1 2007/??/?? Minor update release.
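Review bot: the "Fix 2007/05/24" entry only says the SAKURA_MayAutobind() call sites in net/ipv4/udp.c and net/ipv6/udp.c "were wrong"; it names neither the function the calls were moved into nor what the old placement failed to cover, which is exactly what someone reading this changelog to decide whether the autobind check on their kernel was ever bypassable needs. Add one line stating where the hook now sits and which bind path the previous location missed. Two smaller points in the same hunk: "Version 1.4.1 2007/??/??" still carries a placeholder date that should be filled in before the release is tagged, and in the "Fix 2007/04/18" entry "allow attackers behave as" should read "allow attackers to behave as".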