Age | Commit message | Author |
|
ids, it clarifies these are full revocation situations.
ok millert
|
|
From fritjof () alokat ! org, thanks!
ok semarie@
|
|
from fritjof ! alokat.org
ok ratchov@ natano@
|
|
keep stdio from opening with O_CREAT which would require pledge cpath.
|
|
Bug reported by Christian Heckendorf <mbie at ulmus dot me>, patch by me.
OK jmc@ bentley@
|
|
correctly - logically complete that now by removing MLINKS from base;
authors need only to ensure there is an entry in NAME for any function/
util being added. MLINKS will still work, and remain for perl to ease
upgrades;
ok nicm (curses) bcook (ssl)
ok schwarze, who provided a lot of feedback and assistance
ok tb natano jung
|
|
the program
- Add error message to syslog if privdrop didn't succeed and then exit
- Remove lint comments
OK beck@ after his suggestion and also looks good to jca@
|
|
with strong symbols in ld.so don't do what we need, so put definitions back
in crt0 and make ld.so update __progname like it does environ.
report and testing patrick@ jsg@
|
|
as osendsyslog for a while. The three argument variant is the only
one that will stay.
input kettenis@; OK deraadt@
|
|
namespace, for use by libpthread
ok deraadt@
|
|
and pass the LOG_CONS flag like libc's handler.
ok deraadt@ bluhm@ (who had a similar diff)
|
|
portion like crt0 does. This is prep for eliminating _dl_fixup_user_env()
Mark almost everything in resolve.h as hidden, to improve code generation.
ok kettenis@ mpi@ "good time" deraadt@
|
|
Feedback millert@ kettenis@
|
|
program early
- #define SPAMD_USER "_spamd" and use it on getpwnam(3) call
- Set usage() as __dead void
- Remove lint-style comments
OK beck@
|
|
- check for root privileges, otherwise exit early with an appropriate
status code and a formatted string;
- be more specific with chroot()/chdir() checks.
OK beck@
|
|
rpath: fopen(3) _PATH_UTMP in read mode
wpath/cpath: fopen(3) full_tty in write mode (w), which implies O_CREAT
inet/dns: the intervening hosts in the conversation may be remote, or not, but
since we will never know beforehand then it'll always need inet and dns to
resolve the hostnames
ok jca@ and also discussed with tb@
|
|
OK tb@
|
|
load time only now. Rename _dl_searchnum and lastlookup to _dl_grpsym_gen
and grpsym_gen as they are generation numbers. Merge _dl_newsymsearch()
into _dl_cache_grpsym_list_setup().
ok millert@
|
|
needs to lock down the entire load group, not just the specific object.
problem report and ok sthen@
been in snaps for a week
|
|
The gettytab(5) and termcap(5) get FILES, others don't need anything.
With input from & okay schwarze@
|
|
It needs these annotations, to at least run the operations next to them:
stdio: malloc(3)
rpath: open(2)
inet: connect(2)/socket(2)
proc: fork(2)
exec: execvp(3)
While here remove netinet/in.h since all we need is already in arpa/inet.h and
sort the headers alphabetically
OK beck@
|
|
this loads the tls certificate files pre-pledge then does the bulk of the tls
setup goo pledged.
|
|
All the work done by Ricardo Mestre <serial@helheim.mooo.com> - Thanks.
|
|
just the dynamic tags are needed instead of reusing the generic elf_object_t
structure.
testing and feedback from miod@
ok kettenis@
|
|
quite involved, due to tls_read potentially needing to write and tls_write
potentially needing to read (in the reneg case); that not fitting the spamd
model too well - it needs to keep a little more state.
help & ok bluhm & beck
|
|
STARTTLS dance. ok millert
|
|
and issue a new EHLO after STARTTLS. The misunderstanding seems to be common,
so we'll still grok MAIL FROM right after the STARTTLS dance, as well as
accepting a second EHLO. ok phessler beck millert
|
|
with bluhm
|
|
ok deraadt
|
|
(The story is that some people do use YP still as a libc -> non-file
lookup mechanism; some of them with standard ypbind/ypserv, but more
of them with ypbind/ypldap. That however does not justify these cruddy
tools dealing with passwords, which are more likely to contain problems)
|
|
pledged. Keep an eye out for regressions, because they could be
uncomfortable.
ok beck semarie
|
|
"man talkd" and "man ntalkd" work;
issue reported by sobrado; fix from schwarze
|
|
obviously, to provide a drunk spell test);
|
|
ok schwarze
|