| Age | Commit message (Collapse) | Author |
|---|
|
root:_sndiod. Stop creating unused /dev/mixer* devices.
suggested by and ok deraadt
|
|
with help from claudio@
|
|
|
|
|
|
While FIDO/U2F keys were already supported by the generic uhid(4)
driver, this driver adds the first step to tighten the security of
FIDO/U2F access. Specifically, users don't need read/write access to
all USB/HID devices anymore and the driver also improves integration
with pledge(2) and unveil(2): It is pledge-friendly because it doesn't
require any ioctls to discover the device and unveil-friendly because
it uses a single /dev/fido/* directory for its device nodes.
It also allows to support FIDO/U2F in firefox without further
weakening the "sandbox" of the browser. Firefox does not have a
proper privsep design and many operations, such as U2F access, are
handled directly by the main process. This means that the browser's
"fat" main process needs direct read/write access to all USB HID
devices, at least on other operating systems. With fido(4) we can
support security keys in Firefox under OpenBSD without such a
compromise.
With this change, libfido2 stops using the ioctl to query the device
vendor/product and just assumes "OpenBSD" "fido(4)" instead. The
ioctl is still supported but there was no benefit in obtaining the
vendor product or name; it also allows to use libfido2 under pledge.
With feedback from deraadt@ and many others
OK kettenis@ djm@ and jmc@ for the manpage bits
|
|
repair that.
|
|
|
|
for anything other than a regular old mouse, X needs to be able to
directly talk to the device and newer machines can have all kinds of
touchscreens, pen devices, touchpads, etc.
ok deraadt
|
|
|
|
ok deraadt
|
|
with the syzkaller kernel fuzzer. So far, 8 distinct panics have been found and
fixed. This effort will continue.
kcov is limited to architectures using Clang as their default compiler and is
not enabled by default.
With help from mpi@, thanks!
ok kettenis@ mpi@ visa@
|
|
ok deraadt
|
|
/dev/arandom any longer. ok deraadt@
|
|
ttyB* minor numbers change; be sure to rerun MAKEDEV if you do not
upgrade with bsd.rd
Adapted from NetBSD by miod@
|
|
Create only /dev/urandom as device.
Create /dev/random and /dev/arandom as symlinks.
Drop /dev/srandom, which has been unused for a long time.
/dev/arandom will go away at a later point.
Discussed with guenther@, ok deraadt@
|
|
reachable through different pvbus device nodes.
Suggestion and OK deraadt, OK reyk
|
|
matter much -- and "uucp" is just stupid in 2016.
ok rpe
|
|
|
|
to /dev/audio*. No port is using them (thanks to sthen@ for checking).
ok sthen@
|
|
While here, also remove two forgotten descriptions for long obsolete
devices.
|
|
ok deraadt@ yasuoka@ reyk@
|
|
|
|
available wide open. there should be some access model either via a
group or fbtab. This will cause a decision to be made.
ok millert
|
|
unused for now, but I plan to convert all programs in base to use it in
a future diff. /dev/bpf0 is for compatibility with existing binaries
and is to be removed after a transition period.
ok rpe krw, for the installer part
"Let's see it hit the tree." deraadt
|
|
|
|
|
|
Needed for the key-value interface that has been added to pvbus(4).
OK mikeb@
|
|
This patch adds a new driver for use of virtio-console devices as
ttys. It's still in an early state and not compiled by default, yet.
Currently it is only wired into amd64. i386 is still missing.
Discussed with uebayasi@, deraadt@
|
|
|
|
|
|
|
|
OK dlg@ mpi@
|
|
|
|
|
|
|
|
|
|
|
|
ok deraadt@, naddy@, ajacoutot@
|
|
|
|
modern standards, with people having usb cameras, music players,
smartcard readers, UPSs, wifi scanners, rocket launchers and so
on...
OK sthen@, djm@
|
|
|
|
No regression has been reported since libusb became the prefered
solution to work with USB scanners.
req. by mpi@
ok ian@ mpi@ miod@
|
|
|
|
to show up at com4 or higher on x86; ok kettenis@ krw@
|
|
ok tedu@
|
|
ok syl@ todd@
|
|
from Sylvestre Gallon ccna.syl gmail.com
|
|
|
|
mostly from armani.
ok miod, mpi, jsg and help from sthen
|
|
|
