summaryrefslogtreecommitdiff
path: root/usr.bin/doas
diff options
context:
space:
mode:
authorTheo de Raadt <deraadt@cvs.openbsd.org>2017-12-12 01:12:35 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2017-12-12 01:12:35 +0000
commit52c1fc97f7c1ade9cf0ebc1b5a041fed194d6e10 (patch)
tree50d1dbcc20f2803520428374fc6888b81a4bfcd0 /usr.bin/doas
parent35baa3704589ea7646058be964552054fbd60816 (diff)
pledge()'s 2nd argument becomes char *execpromises, which becomes the
pledge for a new execve image immediately upon start. Also introduces "error" which makes violations return -1 ENOSYS instead of killing the program ("error" may not be handed to a setuid/setgid program, which may be missing/ignoring syscall return values and would continue with inconsistant state) Discussion with many florian has used this to improve the strictness of a daemon
Diffstat (limited to 'usr.bin/doas')
0 files changed, 0 insertions, 0 deletions