| Age | Commit message (Collapse) | Author |
|---|
|
type 0 configuration requests correctly which results in devices on bus 0
appearing multiple times. Fix this by adding a quirk and match the
appropriate compatible string.
ok jsg@, patrick@
|
|
AS_PATH with a AS4_PATH and are therefor fairly special.
|
|
so that we can include firmware-dependant code in generic drivers to be
able to extract metadata information like MAC addresses and out-of-band
interrupts from the ACPI/FDT tables.
ok kettenis@
|
|
|
|
characters (some languages use up to five). This size doesn't make as
much difference now that UTF-8 goes into an extended cell. GitHub issue
1430.
|
|
|
|
|
|
with an EPERM, but the target rdomain will still be created.
Move the check for an lo(4)'s if_index/if_rdomain to before the creation of a
nonexisting target routing table.
ok benno@ claudio@ mpi@
|
|
id after that, so it seems like a silly reason to reject a target.
ok dlg@ deraadt@
|
|
|
|
that and start listening for failure reports.
|
|
constraints process), and /usr/sbin/ntpd "x" to perform fork+exec operations.
|
|
the files they inspect a little later.
|
|
than the devices specified with -f and -q options.
ok deraadt@
|
|
ok patrick@
|
|
up to 24.
ok patrick@
|
|
Once we know what the input file is, usually /bsd.gdb, we can unveil it in read
mode. If we also define as argument an output file we can additionally unveil
that one with write/create permissions.
We don't need to care about calling unveil(NULL, NULL) since we can call
pledge(2) and reduce the permissions down the road depending on the code path.
"reads OK" jasper@, "put it in if works" mpi@
prodded by deraadt@
|
|
after we know what is the mixer device to be used, either through MIXERDEVICE
env var, the argument passed or by default /dev/mixer then we can unveil it in
read/write mode, then if opening fails we reduce unveil to only read mode.
Once open(2) succeeds then we can disable fs access by calling unveil(NULL, NULL)
since all further operations occur on fds.
A cleaner solution would be to just call pledge("audio") after open(2) but
currently the ioctls used are not whitelisted in pledge(2), ratchov@ will
investigate a better way to do this
OK ratchov@
|
|
ok claudio@
|
|
directory for placement. We can only protect the directory case,
since the file_prefix+sig+id case is too large to enumerate.
|
|
login tweaks), and walk the path (would could be $PATH, or not) adding
an unveil "x" to each possible executable which execvpe() could later
be tried by execvpe.
It would be great if we could do some unveil before authentication, but
I failed to determine all the possibilities.
Some problem reports by bluhm, tb, florian, and others during development
In snaps for about 3 weeks.
ok florian
|
|
|
|
This is worthwhile keeping, so add "unveil" to defer unveil(2) calls.
After various special cases are handled (including files which are anywhere
in the filesystem), unveil() to the specific file only.
|
|
ok florian
|
|
used ioctls. Furthermore due to the way the command line parser is
written it is difficult to apply the traditional first initialize then
pledge pattern.
unveil(2) gives us a different approach:
By veiling everything with unveil("/", "") and then locking down
unveil with unveil(NULL, NULL) we remove all filesystem access from
ifconfig kind of like giving a regular user a chroot without any
files.
OK deraadt
|
|
|
|
some kernel memory/symbol files.
|
|
If kernel variables are being watched unveil /dev/mem, /dev/kmem, and
/dev/ksyms. If testing AF_UNIX, unveil that patch. The next pledge
removes "unveil", then tcpbench is largely filesystem restricted.
|
|
in general, when introducing the *typographic* term "hyphen",
actually display a real hyphen in output modes supporting it.
|
|
|
|
Michael W. Bombardieri. Thanks.
|
|
simplest and most important instructions together and at the
beginning. No text change.
Suggested by jmc@.
|
|
In some cases, it meant "render as an ASCII character in output
modes that have a notion of codepoints" (e.g. UTF-8, HTML); in other
cases, "render in the text font in output modes that also provide
a special font for mathematical symbols" (e.g. PostScript, PDF).
Also explicitly annotate the escape sequences that use a special
font if available.
OK bentley@
|
|
for hyphens and minus signs in manual pages.
Since there is consensus that a typographically perfect solution is
impossible, let's KISS - just write "-", don't bother with "\-", all
currently relevant manual page formatters can handle "-" reasonably.
OK jmc@ bentley@
|
|
takes a flag if it is large or not. Makes code more reusable.
|
|
|
|
|
|
|
|
heavy bits into the background and so the RDE is able to process new
messages more or less instantly after a configuration reload.
Not all cases are covered yet but the bulk is.
While the backgorund process is running no new config can be loaded.
Tested by and OK benno@
|
|
|
|
Discussed with kettenis@
|
|
|
|
ok stsp@
|
|
From Miod Vallat, "Go ahead" kettenis
|
|
ok claudio@
|
|
Documented in 'Speculative Execution Side Channel Mitigations'
revision 2.0.
|
|
OpenSSH >= 6.5 (released January 2014), so it should be supported by
most OpenSSH versions in active use.
It is possible to convert new-format private keys to the older
format using "ssh-keygen -f /path/key -pm PEM".
ok deraadt dtucker
|
|
(that decides whether rarpd should reply), and /etc/ethers "r" for
debug reporting.
|
|
include config file "r", utmp "r", /dev "rw", /bin/sh "x" for running
piped commands, and the syslogd binary "x" itself for HUP re-exec upon
config loads with changes. Also unveiled in the privsep process are
the specific log files being written to.
If a config file reload changes no files, the existing privsep process
keeps running with unveil's to the relevant files (therefore it can
cope with newsyslogd taking files away). If a new config file is loaded
which changes the output files, the privsep process is restarted with
fork+exec, and installs new unveils as needed. The safety we gain from
unveil is that we've pigeonholed the privsep file-writer to exactly the
files required.
Help from bluhm for some edge cases.
|
|
|
