Age | Commit message | Author | |
---|---|---|---|
2015-10-18 | sync | Theo de Raadt | |
2015-10-18 | Add two new system calls: dnssocket() and dnsconnect(). This creates a | Theo de Raadt | |
SS_DNS tagged socket which has limited functionality (for example, you cannot accept on them...) The libc resolver will switch to using these, therefore pledge can identify a DNS transaction better. ok tedu guenther kettenis beck and others | |||
2015-10-17 | naddy asks me if __tfork should be allowed by "proc". yes! | Theo de Raadt | |
We may need a better semantic later ("thread"?), but this allows progress, and people can report their experiences. | |||
2015-10-17 | connect() to an AF_UNIX socket is really read/write, so tell pledge this | Theo de Raadt | |
is a RPATH|WPATH operation. Discussed with doug and millert | |||
2015-10-17 | Allow the nasty ioctl TIOCSTI in "tty", but also require the "proc" | Theo de Raadt | |
permission. For now, we'll tighten it down further later. | |||
2015-10-17 | better wording in a comment | Theo de Raadt | |
2015-10-17 | Unify TIOCGPGRP/TIOCGWINSZ/TIOCGWINSZ behaviour regarding ENOTTY return. | Theo de Raadt | |
(both "tty" and "ioctl" allow these; they should behave the same) | |||
2015-10-17 | Allow TIOCSCTTY on tty devices, if the pledge says "tty id" | Theo de Raadt | |
worked out with nicm | |||
2015-10-17 | whitespace | Theo de Raadt | |
2015-10-17 | Rename SYSEXIT() to SYSCALL_END() for consistency with most other archs. | Philip Guenther | |
No change in resulting object files ok millert@ | |||
2015-10-17 | mailaddr_match() allows comparing two struct mailaddr taking into account | Gilles Chehade | |
catchall and +-tags ok millert@ and jung@ for util.c | |||
2015-10-17 | Move the last of the __DBINTERFACE_PRIVATE bits from <db.h> to libc's wrapper | Philip Guenther | |
and eliminate the now superfluous -D option ok kettenis@ millert@ | |||
2015-10-17 | Fix the code that sets up the MCH BAR on systems where the (buggy) BIOS | Mark Kettenis | |
doesn't do this for us. The code was poking registers on the wrong PCI device. We were just lucky that it worked on most systems. This should fix machines such as the Asus EeePC 701 and get rid of the error: [drm:pid0:i915_gem_detect_bit_6_swizzle] *ERROR* Couldn't read from MC HBAR. Disabling tiling. messages on that machine. | |||
2015-10-17 | Tighten pledge: We only write to stdio and never to any files if | Christian Weisgerber | |
in cat mode (-c, zcat), or in test mode (-t), or if there are no file arguments and there is no -o outfile. Due to fts(3) we require rpath even for compress <in >out. "seems sound" deraadt@ | |||
2015-10-17 | Spell all "unexpected mode %u" panics in lower case, not just one of them. | Stefan Sperling | |
2015-10-17 | remove some unnecessary macros; from michael reed | Jason McIntyre | |
2015-10-17 | add missing underscore; from theo buehler | Jason McIntyre | |
2015-10-17 | Fix build with IFMEDIA_DEBUG defined; ok sthen@ | Stefan Sperling | |
2015-10-17 | PROTO_NORMAL for pledge(); ok guenther | Theo de Raadt | |
2015-10-17 | login_token needs pledge "flock" now. | Alexander Bluhm | |
OK millert@ | |||
2015-10-17 | makemap should strip initial and trailing whitespaces using strip() | Gilles Chehade | |
ok millert@, ok jung@ | |||
2015-10-17 | document handling of comments in makemap | Gilles Chehade | |
ok millert@, ok sunil@, ok jung@ | |||
2015-10-17 | Drop two useless defines. | mmcc | |
ok nicm@ | |||
2015-10-17 | Add pledge "stdio unix sendfd proc exec tty" to tmux client process, | Nicholas Marriott | |
"sendfd" is dropped after first message from the server. | |||
2015-10-17 | Move a system header include from the global header (sh.h) into the | mmcc | |
files that need it. No binary change. "This looks fine" -nicm@ | |||
2015-10-17 | both of these are deprecated | Gilles Chehade | |
2015-10-17 | Convert some fgetln to getline. | Sunil Nimmagadda | |
tested and ok gilles@ | |||
2015-10-17 | Cleanup and simplify LMTP code. | Sunil Nimmagadda | |
Ok millert@ gilles@ | |||
2015-10-17 | LMTP delivery requires "inet unix". | Sunil Nimmagadda | |
Ok millert@ gilles@ | |||
2015-10-17 | make usage() less horrible | Florian Obser | |
2015-10-17 | Exit if a pledge call fails in non-interactive mode. | Doug Hogan | |
ok semarie@ | |||
2015-10-17 | Pledge; OK millert@ tobias@ | Tim van der Molen | |
2015-10-17 | this file is deprecated | Gilles Chehade | |
2015-10-17 | Change allocarray() to areallocarray(), a full reallocarray clone. All | mmcc | |
the logic is already in aresize(). "Sure" nicm@ | |||
2015-10-17 | remove unused variables | Gilles Chehade | |
2015-10-17 | Copy alloc()'s overflow check to aresize(). | mmcc | |
Suggested by nicm@. | |||
2015-10-17 | NUMBOOT is dead! Nuke the variables and abstractions that were used | Kenneth R Westerback | |
to build boot blocks. ok miod@ | |||
2015-10-17 | Implement -w maxwait now that the -w flag is free in ping6. Same | Florian Obser | |
behaviour as ping(8). | |||
2015-10-17 | Do not accept fds on the control socket; including the restricted socket. | Reyk Floeter | |
OK gilles@ eric@ | |||
2015-10-17 | move -V option before -v and remove one spurious newline, now in sync | Florian Obser | |
with ping. No object change. | |||
2015-10-17 | KNF | Gilles Chehade | |
2015-10-17 | our strip() function should use isspace() | Gilles Chehade | |
ok jung@, ok millert@ | |||
2015-10-17 | Remove left over -N and -w. Adapt wording for the link local example. | Florian Obser | |
Pointed out by, input & OK jmc | |||
2015-10-17 | Tighten up snmpd's control socket: do not allow users to terminate the | Reyk Floeter | |
daemon by sending corrupted imsgs to snmpd. This is especially important for the optional world-writeable restricted socket that is used for AgentX. In particular, don't fatal() in the daemon when imsg size checks on control messages fail, do stricter validation of expected messages (even assert zero-length imsgs), don't continue and close the control socket on suspicious input, print a debug log message on error. OK gilles@ "the rationale behind it is quite clear" | |||
2015-10-17 | Cleanup a bit. | Robert Peichaer | |
OK krw@ halex@ | |||
2015-10-17 | add "tty" for several subcommands of openssl | Sebastien Marie | |
it is needed in order to let libssl UI_* functions play with echo on/off when asking for password on terminal. passwd subcommand needs additional "wpath cpath" in order to let it call fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC). problem reported by several with and ok doug@ | |||
2015-10-17 | The file(1) magic-parsing process was using pledge "stdio getpw proc recvfd" | Theo de Raadt | |
early on, then a set of getpwnam/setresuid/... before quickly dropping to "stdio recvfd". It receives fd's and runs the magic code on them in a chroot'd "stdio" jail. We can do better than that. Before the recent change, "proc" contained both the concepts of "forking" and "setuid". "id" is now split out as a separate request, and it is exactly what this process needs momentarily. So this loses another window of opportunity, in case we have a major bug in .... hmm, it'd have to be in getpwnam.... ok tedu doug semarie gilles | |||
2015-10-17 | smtpd starts rather robustly with a gigantic pledge request group (keep | Theo de Raadt | |
in mind that a gigantic group is already < ~50% of POSIX). It then grinds these down bit by bit as it sets up privsep for the various processes. At startup, smtpd will need the new "id" request as well. ok gilles tedu | |||
2015-10-17 | Add pledge "id" support. This request permits setuid/seteuid/setresuid, | Theo de Raadt | |
setgid/setegid/setresgid, setgroups, setlogin, and setpriority. setrlimit and getpriority are also allowed (they are also in "proc") some of these were previously permitted in "proc" but have been removed. this separation is intentional. "proc" is intended for reasoning about the relationship of a process "with other processes", whereas "id" deals with the powerful/dangerous concept of unix ids. "id" will see some action very soon. ok gilles tedu semarie doug | |||
2015-10-17 | route6d pledges to use only "stdio rpath wpath cpath inet route mcast" | Jeremie Courreges-Anglas | |
ok deraadt@ |