summaryrefslogtreecommitdiff
AgeCommit message (Expand)Author
2015-10-18Move more EXTERN-defined globals from sh.h.mmcc
2015-10-18Backport another Broadwell fix from Linux 3.15Mark Kettenis
2015-10-18Use "getpw" rather than "flock", per deraadt@'s suggestion.Miod Vallat
2015-10-18Avoid integer overflow with very large files.Tobias Stoeckmann
2015-10-18Fix comments.Robert Peichaer
2015-10-18pledge+=flock, for /var/run/ypbind.lock. ok semarie@Miod Vallat
2015-10-18Do not warn for sort -o if we can't chown the output temporary fileTodd C. Miller
2015-10-18Add "id" pledge to syslogd privsep process. Needed for logging to pipe.Alexander Bluhm
2015-10-18Make use of pledge(2); initial diff from deraadt@Jeremie Courreges-Anglas
2015-10-18actually, it uses getaddrinfoTheo de Raadt
2015-10-18libc DNS functions will now use the new dnssocket() / dnsconnect()Theo de Raadt
2015-10-18Tweak previous: call fatal(), not err(3), for consistency. err.h goes away.Jeremie Courreges-Anglas
2015-10-18regress pledge: test kill()Sebastien Marie
2015-10-18regress pledge: remove cmsgSebastien Marie
2015-10-18regress pledge: cpath testSebastien Marie
2015-10-18regress pledge: cmsg is deprecatedSebastien Marie
2015-10-18regress pledge: tweak a bit the manner to grab hte syscall numberSebastien Marie
2015-10-18Need native-pledge for id.Doug Hogan
2015-10-18ld.so no longer needs or uses a bind lock, so stop setting it. ThisPhilip Guenther
2015-10-18Tadpole/Sun Voyager IIi reported to work via dmesg@Jonathan Gray
2015-10-18move SS_DNS socket check from kern_plegde.c to sys_generic.cSebastien Marie
2015-10-18Use offsetof() instead of adding the sizes of the preceeding struct membersPhilip Guenther
2015-10-18Make sure sm_rotate_bak() is only run once.Antoine Jacoutot
2015-10-18getting sloppy, lost a }Theo de Raadt
2015-10-18sorry, sdiff -o interactive mode does another spawnTheo de Raadt
2015-10-18Add "dns" to the pledges. Previously these worked because of "inet",Theo de Raadt
2015-10-18Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.Theo de Raadt
2015-10-18unrelated commit; not ready yetTheo de Raadt
2015-10-18First casualty of making pledge "dns" mandatory for dns users.Theo de Raadt
2015-10-18Move your drink further away... When a program pledged "getpw" fails toTheo de Raadt
2015-10-18after kmem is open and setup, pledge "stdio rpath wpath cpath"Theo de Raadt
2015-10-18Collapse some strange programmer style with too much abstraction.Theo de Raadt
2015-10-18With TIOCSTI supported in pledge "tty proc", csh is good enough to runTheo de Raadt
2015-10-18A whole buncha unsigned char casts for ctype function arguments.mmcc
2015-10-18Use explicit_bzero() when the memory is freed directly afterward.mmcc
2015-10-18Use explicit_bzero() when the memory is freed directly afterward.mmcc
2015-10-18TIOCSTI and TIOCSCTTY; oops got the condition backwards.Theo de Raadt
2015-10-18better placement for dnssocket/dnsconnectTheo de Raadt
2015-10-18Describe dnssocket / dnsconnect argumentsTheo de Raadt
2015-10-18Allow read/write access to /dev/tty when using "tty" pledge.Doug Hogan
2015-10-18create libc stubs for dnssocket() and dnsconnect()Theo de Raadt
2015-10-18syncTheo de Raadt
2015-10-18Add two new system calls: dnssocket() and dnsconnect(). This creates aTheo de Raadt
2015-10-17naddy asks me if __tfork should be allowed by "proc". yes!Theo de Raadt
2015-10-17connect() to an AF_UNIX socket is really read/write, so tell pledge thisTheo de Raadt
2015-10-17Allow the nasty ioctl TIOCSTI in "tty", but also require the "proc"Theo de Raadt
2015-10-17better wording in a commentTheo de Raadt
2015-10-17Unify TIOCGPGRP/TIOCGWINSZ/TIOCGWINSZ behaviour regarding ENOTTY return.Theo de Raadt
2015-10-17Allow TIOCSCTTY on tty devices, if the pledge says "tty id"Theo de Raadt
2015-10-17whitespaceTheo de Raadt
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-27 21:57:35 +0000