src - OpenBSD base system

Age	Commit message (Collapse)	Author
2015-10-06	fix flowsrc spec, ok florian, thx ingo!	Sebastian Benoit

2015-10-06	When "proc" is requested, allow setpgid() and sigsuspend().	Theo de Raadt
	Also the combination of "proc tty" needs to permit TIOCSPGRP. This is the start at minimum semantics required by processes which work on process groups, sessions, ttys.
2015-10-06	we're running rm. call it rm too.	Ted Unangst

2015-10-06	update "cmsg" tests: it lost TAME_SELF flag.	Sebastien Marie

2015-10-06	Move from tame "cmsg" to tame "sendfd" or "recvfd", depending on which	Theo de Raadt
	way the process moves fd's.
2015-10-06	add some tests for rpath, wpath, cpath	Sebastien Marie

2015-10-06	Add new "tty" request, which allows TIOCGETA, TIOCGPGRP, TIOCGWINSZ,	Theo de Raadt
	TIOCSBRK, TIOCCDTR, TIOCSETA, TIOCSETAW, and TIOCSETAF on tty vnodes. This helps programs which call tcsetattr(), tcgetattr(), or readpassphrase(). Especially the latter - tame's goal is to satisfy the libc requirements of security-sensitive programs. Remove TIOCSETAF from the basic "ioctl" request, because it is a "set" option. "ioctl" is slowly turning into a "request information, cannot set options" package. Split the "cmsg" request into "sendfd" and "recvfd". Non-SCM_RIGHTS messages are currently flowing through freely and we'll need to think about that. This split lets us more strictly describe what our many fd-passing programs will do.
2015-10-06	Make sure that tx_buffer->next_eop is properly set before we bump the number	Mark Kettenis
	of available descriptors, such that the interrupt handler doesn't attempt to complete partially initialized descriptors. Seems to fix the watchdog timeouts reported by various people. Tested by Mattieu Baptiste and Gregor Best. ok mikeb@
2015-10-06	Remove the -C option that converts an S/Key database to the new format. It has	Tim van der Molen
	been 13 years since the new format was introduced. OK millert@
2015-10-06	Don't burden keycrunch_{md5,sha1,rmd160}() with identical code to prepare a	Tim van der Molen
	buffer based on whether they are called by keycrunch() or f(). Instead let keycrunch() and f() take care of this themselves. OK millert@
2015-10-06	Update path in comment; OK millert@	Tim van der Molen

2015-10-06	clear out some more legacy code and whatnot	Ted Unangst

2015-10-06	Rework the tame cmsg handler to make it work both ways. While on recv one	Claudio Jeker
	mbuf blob with all the cmsgs inside while on send cmsgs in an mbuf chain, one mbuf per message. Adjust the calls accordingly. Putting it in so deraadt@ can move forward.
2015-10-06	rmdir() is just a CPATH operation; remove RPATH marker that snuck in.	Theo de Raadt

2015-10-06	Make sure that all padding bytes in cmsgs are actually zero by memset	Claudio Jeker
	CMSG_SIZE(len) bytes of the mbuf.
2015-10-06	oops, namei was never allowing through valid CPATH operations	Theo de Raadt

2015-10-06	Add getrusage() to the TAME_SELF catagory.	Theo de Raadt

2015-10-06	Fix buf leak in error path. ok gilles@ eric@	Stefan Sperling

2015-10-06	only modifies data, stdin to stdout, so tame "stdout"	Theo de Raadt

2015-10-06	use tame "stdio rpath wpath cpath fattr". There is some timezone	Theo de Raadt
	database stuff here which goes further than most programs, but the neccessary files are readable using "rpath".
2015-10-06	simple tame "stdio rpath"	Theo de Raadt

2015-10-06	tame "stdio rpath" before opening the file, tame "stdio" after that	Theo de Raadt

2015-10-06	prefer limits.h over sys/limits.h	Brent Cook
	ok deraadt@
2015-10-06	Simple update for pdf, from file 5.x.	Nicholas Marriott

2015-10-06	Make iwm(4) set the MAC address the same way other wireless drivers do.	Stefan Sperling
	ok mpi@
2015-10-06	we don't need this temporary buffer since we're going to strdup() it right	Gilles Chehade
	away anyways ok eric@
2015-10-06	Another simple update for xwindows, from 5.x.	Nicholas Marriott

2015-10-06	Log the matched offset (and the new offset) instead of just of the new	Nicholas Marriott
	offset (as if it was where the match was found).
2015-10-06	ssh and ssl key file magic, from file 5.x.	Nicholas Marriott

2015-10-06	Another simple update from file 5.x.	Nicholas Marriott

2015-10-06	fix snprintf() error checking in token expansion code, these can't possibly	Gilles Chehade
	fail but it's no excuse for getting the checks wrong. spotted by qualys
2015-10-06	fix chdir() call for the sake of correctness	Gilles Chehade
	reported by qualys
2015-10-06	fix values passed to umask(), they should be octal.	Gilles Chehade
	the permissions are even more restrictive than they should. misc bug reported by qualys
2015-10-06	do not need ioctl.h	Theo de Raadt

2015-10-06	Obvious tame "stdio rpath wpath cpath" to a program I will never use.	Theo de Raadt

2015-10-06	fix reallocarray() constructs to always use temporary variable	Gilles Chehade

2015-10-06	Enable ioctl() in the "rw" request, to support FIONREAD/FIONBIO easier	Theo de Raadt
	for the stdio/libevent usage case. Further ioctl commands are narrowly checked as before. ok djm guenther semarie
2015-10-06	these do not use ioctl.h	Theo de Raadt

2015-10-06	struct knote's kn_sdata needs to be the same type as struct kevent's data	Philip Guenther
	ok deraadt@
2015-10-06	tame "stdio getpw"	Theo de Raadt
	discussed with guenther
2015-10-06	data processing stdin to stdout; tame "stdout"	Theo de Raadt

2015-10-06	unfortunately tame "stdio" can only happen well after the sequence of:	Theo de Raadt
	utmp parsing, tty opening, setresgid to drop privs. it only protects a basic io loop. discussed with doug
2015-10-06	adapt to recent sshkey_parse_private_fileblob() API change	Damien Miller

2015-10-06	The performance hit for -fstack-protector-all is worth it here.	Theo de Raadt
	ok gilles
2015-10-06	Appears that tame "stdio getpw rpath" will satisfy all code paths.	Theo de Raadt

2015-10-05	During getopt(), an optional file may be opened. After that, tame "stdio"	Theo de Raadt
	works. Time for some commentary! tame became possible because syslog(3) in openbsd uses a system call -- sendsyslog(2) -- which does not require an elaborate dance opening an AF_UNIX socket and using connect() or send() to deliver to a "/dev/log" unix socket in the filesystem. sendsyslog(2) was invented to ensure the stack-protector's __stack_smash_handler() can gaurantee delivery of failure messages to syslogd(8) in harsh conditions -- such as file descriptor exhaustion or inside chroot(2). Now it also works in tame(2)'d proceses, since sendsyslog(2) is always allowed. Our syslog(3) needs no elaborate socket code, therefore piles of software does not have an inate need for socket(2), connect(2), send(2), nor access to the filesystem. syslog(3) remains fully compatible otherwise. How does the stack protector report an error in fully capsicum'd program? Or in some other Linux protection mechanism, if someone protectes a program too far and takes sockets away, how do they see the stack protector working? You can have nice things when the underlying rules change.
2015-10-05	tame "stdio rpath wpath cpath", because this program reads and creates	Theo de Raadt
	files, using stdio. It does nothing else.
2015-10-05	Remove EXTERN from lex.h and put the definitions in lex.c, from Michael	Nicholas Marriott
	McConville.
2015-10-05	Remove EXTERN from table.h and put the definitions in table.c, from	Nicholas Marriott
	Michael McConville.
2015-10-05	Another trivial update, some extra bits for timezone, from file 5.x.	Nicholas Marriott