| Age | Commit message (Expand) | Author |
|---|
| 2015-10-03 | obvious tame "stdio rpath" | Theo de Raadt |
| 2015-10-03 | Now that dc(1) no longer supports !command with popen(), we can start | Theo de Raadt |
| 2015-10-03 | delete documentation for ! command | Theo de Raadt |
| 2015-10-03 | Nuke trailing whitespace to avoid cluttering possible upcoming diffs. | Kenneth R Westerback |
| 2015-10-03 | adapt to the removal of ! | Otto Moerbeek |
| 2015-10-03 | disable ! command, makes dc(1) more tameable | Otto Moerbeek |
| 2015-10-03 | oops! cannot tame the chmod case, because the kernel drops the | Theo de Raadt |
| 2015-10-03 | hard to think of a simple program to add tame to. tame "stdio", obviously. | Theo de Raadt |
| 2015-10-03 | wc only opens files read-only, proceses them, and spits results to stdout. | Theo de Raadt |
| 2015-10-03 | correct a memory leak in error code path. | Sebastien Marie |
| 2015-10-03 | As pointed out by tobiasu, ed-style patches still use popen() and execute | Theo de Raadt |
| 2015-10-03 | Restore description of the sparc64 boot process which was lost when | Stefan Sperling |
| 2015-10-03 | - Simplify use of ctype functions. | Tim van der Molen |
| 2015-10-03 | unifdef some features we will always have. ok benno zhuk | Ted Unangst |
| 2015-10-03 | tame "stdio" right between setlocale and getopt, it is easy to review | Theo de Raadt |
| 2015-10-03 | IPv6 transport for pflow data. | Florian Obser |
| 2015-10-03 | Properly indent usage() output. | Antoine Jacoutot |
| 2015-10-03 | missing asr* -> _asr* symbol rename for building with debug code | Eric Faurot |
| 2015-10-03 | If we care about placing core files from SUID programs in a safe place, | Vadim Zhukov |
| 2015-10-03 | Fix wrong cast. | Vadim Zhukov |
| 2015-10-03 | When multiple vxlan interfaces are configured with same VNI, select the | YASUOKA Masahiko |
| 2015-10-03 | SSL_new(): fix ref counting and memory leak in error path. | Doug Hogan |
| 2015-10-03 | grep only opens files read-only, reads via stdio or other methods, performs | Theo de Raadt |
| 2015-10-03 | tame "stdio getpw rpath" can be done quite early after the getopt. | Theo de Raadt |
| 2015-10-03 | leave does a fork, but other than that it is boring stdio. | Theo de Raadt |
| 2015-10-03 | the chmod & chflags codepaths can use tame "stdio rpath fattr". the | Theo de Raadt |
| 2015-10-03 | gzip can use tame "stdio wpath cpath fattr". this blocks a lot of | Theo de Raadt |
| 2015-10-03 | BIO_get_fd() could return fd 0; fix error condition. Found at | Theo de Raadt |
| 2015-10-03 | KNF | Theo de Raadt |
| 2015-10-03 | right at startup, this can tame "stdio cpath rpath wpath". after getopt | Theo de Raadt |
| 2015-10-03 | So you'd love me to say sleep() can be tighter than tame "stdio". OK, | Theo de Raadt |
| 2015-10-03 | the ntp dns process only needs tame "dns rw" to operate. at least, | Theo de Raadt |
| 2015-10-03 | In the ntpctl(1) case, after it has connect()'d to ntpd we can tame "stdio" | Theo de Raadt |
| 2015-10-03 | switch from using the systrace-based sandbox to the tame-based sandbox. | Theo de Raadt |
| 2015-10-03 | patch appears to work fully with tame "stdio rpath wpath cpath tmppath fattr". | Theo de Raadt |
| 2015-10-03 | arp uses a non-privileged sockraw to look at the kernel arp tables. | Theo de Raadt |
| 2015-10-03 | like ping, traceroute is a setuid root priv-drop which holds a sockraw. | Theo de Raadt |
| 2015-10-03 | uniq has a complicated initialization around getopt. beforehands, we | Theo de Raadt |
| 2015-10-03 | script is two processes. the main io-loop process can be locked down with | Theo de Raadt |
| 2015-10-03 | finger can either do local users only, or in in remote users. (who | Theo de Raadt |
| 2015-10-03 | whois uses dns to lookup whois servers, and then opens sockets to them. | Theo de Raadt |
| 2015-10-03 | even before it reaches getopt(), this program will never do more than | Theo de Raadt |
| 2015-10-03 | acpidump is used as root and opens /dev/mem readonly, to dig out | Theo de Raadt |
| 2015-10-03 | sed only works on files, so the obvious goal is to remove it's network | Theo de Raadt |
| 2015-10-03 | ping6 is a setuid root priv-drop which holds a sockraw. we can tame it | Theo de Raadt |
| 2015-10-03 | tcpdump is two-process privsep. | Theo de Raadt |
| 2015-10-03 | ping is a setuid root priv-drop which holds a sockraw. we can tame it | Theo de Raadt |
| 2015-10-02 | Curve25519 is now specified in draft-ietf-ipsecme-safecurves-00 (along | Reyk Floeter |
| 2015-10-02 | make a && && & block more readable. no binary change. | Theo de Raadt |
| 2015-10-02 | I see no evidence that lstat() is being done for /etc/resolv.conf, nor | Theo de Raadt |
