Age | Commit message | Author |
2015-10-03 | Restore description of the sparc64 boot process which was lost when | Stefan Sperling |
2015-10-03 | - Simplify use of ctype functions. | Tim van der Molen |
2015-10-03 | unifdef some features we will always have. ok benno zhuk | Ted Unangst |
2015-10-03 | tame "stdio" right between setlocale and getopt, it is easy to review | Theo de Raadt |
2015-10-03 | IPv6 transport for pflow data. | Florian Obser |
2015-10-03 | Properly indent usage() output. | Antoine Jacoutot |
2015-10-03 | missing asr* -> _asr* symbol rename for building with debug code | Eric Faurot |
2015-10-03 | If we care about placing core files from SUID programs in a safe place, | Vadim Zhukov |
2015-10-03 | Fix wrong cast. | Vadim Zhukov |
2015-10-03 | When multiple vxlan interfaces are configured with same VNI, select the | YASUOKA Masahiko |
2015-10-03 | SSL_new(): fix ref counting and memory leak in error path. | Doug Hogan |
2015-10-03 | grep only opens files read-only, reads via stdio or other methods, performs | Theo de Raadt |
2015-10-03 | tame "stdio getpw rpath" can be done quite early after the getopt. | Theo de Raadt |
2015-10-03 | leave does a fork, but other than that it is boring stdio. | Theo de Raadt |
2015-10-03 | the chmod & chflags codepaths can use tame "stdio rpath fattr". the | Theo de Raadt |
2015-10-03 | gzip can use tame "stdio wpath cpath fattr". this blocks a lot of | Theo de Raadt |
2015-10-03 | BIO_get_fd() could return fd 0; fix error condition. Found at | Theo de Raadt |
2015-10-03 | KNF | Theo de Raadt |
2015-10-03 | right at startup, this can tame "stdio cpath rpath wpath". after getopt | Theo de Raadt |
2015-10-03 | So you'd love me to say sleep() can be tighter than tame "stdio". OK, | Theo de Raadt |
2015-10-03 | the ntp dns process only needs tame "dns rw" to operate. at least, | Theo de Raadt |
2015-10-03 | In the ntpctl(1) case, after it has connect()'d to ntpd we can tame "stdio" | Theo de Raadt |
2015-10-03 | switch from using the systrace-based sandbox to the tame-based sandbox. | Theo de Raadt |
2015-10-03 | patch appears to work fully with tame "stdio rpath wpath cpath tmppath fattr". | Theo de Raadt |
2015-10-03 | arp uses a non-privileged sockraw to look at the kernel arp tables. | Theo de Raadt |
2015-10-03 | like ping, traceroute is a setuid root priv-drop which holds a sockraw. | Theo de Raadt |
2015-10-03 | uniq has a complicated initialization around getopt. beforehand, we | Theo de Raadt |
2015-10-03 | script is two processes. the main io-loop process can be locked down with | Theo de Raadt |
2015-10-03 | finger can either do local users only, or in remote users. (who | Theo de Raadt |
2015-10-03 | whois uses dns to look up whois servers, and then opens sockets to them. | Theo de Raadt |
2015-10-03 | even before it reaches getopt(), this program will never do more than | Theo de Raadt |
2015-10-03 | acpidump is used as root and opens /dev/mem readonly, to dig out | Theo de Raadt |
2015-10-03 | sed only works on files, so the obvious goal is to remove its network | Theo de Raadt |
2015-10-03 | ping6 is a setuid root priv-drop which holds a sockraw. we can tame it | Theo de Raadt |
2015-10-03 | tcpdump is two-process privsep. | Theo de Raadt |
2015-10-03 | ping is a setuid root priv-drop which holds a sockraw. we can tame it | Theo de Raadt |
2015-10-02 | Curve25519 is now specified in draft-ietf-ipsecme-safecurves-00 (along | Reyk Floeter |
2015-10-02 | make a && && & block more readable. no binary change. | Theo de Raadt |
2015-10-02 | I see no evidence that lstat() is being done for /etc/resolv.conf, nor | Theo de Raadt |
2015-10-02 | kern_tame.c | Theo de Raadt |
2015-10-02 | update the -t args list; ok guenther | Jason McIntyre |
2015-10-02 | use limits.h instead of sys/param.h to get PATH_MAX | Theo de Raadt |
2015-10-02 | avoid sys/param.h, by using PATH_MAX | Theo de Raadt |
2015-10-02 | regen | Mark Kettenis |
2015-10-02 | RFC7634 specifies ChaCha20-Poly1305 for IKEv2 and IPsec and IANA | Reyk Floeter |
2015-10-02 | Revert previous commit; something is not quite right yet in the bowels of uvm | Mark Kettenis |
2015-10-02 | Remove MD5 from the default proposals. At least SHA1 seems to be the | Reyk Floeter |
2015-10-02 | If the policy certreqtype is 0, use the global one instead. | Reyk Floeter |
2015-10-02 | fix email | Theo de Raadt |
2015-10-02 | missing ) in COMPAT_LINUX block | Theo de Raadt |