| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2015-11-13 | 4-step pledge in a program noone really uses anymore. | Theo de Raadt | |
| pledge "stdio inet dns proc exec" at startup. In the logging codepath, "stdio dns proc exec" after getpeername() drop to stdio proc exec(), before fork / execve Parent moving data out of the pipe only needs "stdio" | |||
| 2015-11-13 | _exit() in the child; as a result, must use syslog() directly. | Theo de Raadt | |
| 2015-11-06 | further PPP reduction, hint from sthen | Ted Unangst | |
| 2015-11-06 | remove ppplogin support. ok sthen | Ted Unangst | |
| 2015-11-06 | Fix unloading of load groups when the last reference wasn't on the | Philip Guenther | |
| load_object but rather some descendent. Detect that case in _dl_unload_shlib() and switch to unloading the entire group. Based on partial analyses by Henri Kemppainen (duclare (at) guu.fi) and Peter Hajdu (peter.ferenc.hajdu (at) gmail.com) ok millert@ | |||
| 2015-11-02 | Remove duplicate declaration | Philip Guenther | |
| 2015-11-02 | Factor out the logic for mprotecting the memory between two symbols into | Philip Guenther | |
| a new MI routine _dl_protect_segment(), and use that for protecting the GOT and--on some archs--the PLT. Amazing testing turnaround by miod@, who apparently violated relativity to get back results on some archs as fast as he did | |||
| 2015-11-02 | Fix typo: s/DT_JUMPREL/DT_JMPREL/ | Philip Guenther | |
| 2015-10-29 | remove tests for LD_HINTS_VERSION_1; ok kettenis | Theo de Raadt | |
| 2015-10-25 | No longer create /var/run/ftpd.pid in daemon mode; OK jung@ jca@ | Todd C. Miller | |
| 2015-10-25 | unifdef some oldness. (BSD not defined since removal of param.h) | Ted Unangst | |
| ok jca sthen | |||
| 2015-10-25 | No need to declare pwd_gensalt; it's unused and gone. | Antoine Jacoutot | |
| ok tedu@ | |||
| 2015-10-24 | Don't compile pwd_gensalt, it's not needed since we use crypt_checkpass. | Antoine Jacoutot | |
| ok tedu@ | |||
| 2015-10-22 | Add pledge support to login_yubikey. Much feedback and OK millert@ | Brandon Mercer | |
| 2015-10-22 | use crypt_checkpass("password", NULL) to fake a login instead of bcrypt | Ted Unangst | |
| 2015-10-22 | use crypt_checkpass to check password | Ted Unangst | |
| 2015-10-22 | use crypt_checkpass instead of doing things the hard way with crypt. | Ted Unangst | |
| 2015-10-19 | Delete the empty example file "ftpchroot"; no example is needed. | Ingo Schwarze | |
| Move the one useful bit of information contained in the file ("one user name per line") to the ftpd(8) manual page where it belongs. OK deraadt@ sthen@ | |||
| 2015-10-17 | login_token needs pledge "flock" now. | Alexander Bluhm | |
| OK millert@ | |||
| 2015-10-16 | Hoist clearing of FIOASYNC to much earlier, then getty can use | Theo de Raadt | |
| pledge "stdio rpath fattr proc exec tty". | |||
| 2015-10-16 | Implement real "flock" request and add it to userland programs that | Todd C. Miller | |
| use pledge and file locking. OK deraadt@ | |||
| 2015-10-15 | Pledge login_token with "stdio rpath wpath cpath fattr getpw tty". | Alexander Bluhm | |
| OK deraadt@ | |||
| 2015-10-14 | Check mmap and read return values. While at it, remove unused duplicated file. | Tobias Stoeckmann | |
| ok millert@ | |||
| 2015-10-14 | pledge "stdio rpath" is good enough for these mainline BSD auth login | Theo de Raadt | |
| programs. (I am very surprised pledge ended up working for programs like this) ok semarie millert | |||
| 2015-10-13 | pledge "stdio rpath wpath cpath fattr"; fattr due to locking code borrowed | Theo de Raadt | |
| from mail.local | |||
| 2015-10-12 | Call pledge(2) after initial getsockname(2) to avoid "inet" addition. | Masao Uebayashi | |
| From & OK deraadt@ | |||
| 2015-10-10 | normalize a few more tame request orderings, to help review | Theo de Raadt | |
| 2015-10-09 | With nfs spool (fork + seteuid/setuid balony) support gone, it becomes | Theo de Raadt | |
| possible to pledge "stdio rpath wpath tty proc" Noone uses this code anymore. This is a demonstration... | |||
| 2015-10-09 | remove NFS spool support; it stands in the way of pledge(2) | Theo de Raadt | |
| 2015-10-09 | this cpp operates file using pledge "stdio rpath wpath cpath" | Theo de Raadt | |
| 2015-10-05 | Use explicit_bzero() instead of memset() for zeroing out secrets. | Todd C. Miller | |
| OK deraadt@ | |||
| 2015-10-05 | KNF a switch statement, moving a local variable up a frame as well - | Theo de Raadt | |
| carefully. | |||
| 2015-10-05 | Remove unused errstr variable. | Todd C. Miller | |
| 2015-10-04 | fix custom popen to return pid to caller instead of tracking in a giant | Ted Unangst | |
| array. this implies we can't use a function pointer for close, but also means we get to repair some abuse of the comma operator. ok miod | |||
| 2015-10-02 | Talk about 'RADIUS server' in most cases, rather than referring specifically | Stuart Henderson | |
| to radiusd(8) (which doesn't support everything that login_radius(8) talks about) - theo buehler (who provided previous diff) agrees with this. Capitalise RADIUS as per the naming in the RFC. Add STANDARDS section referring to the RFC. Discussed with/suggestions from jmc. | |||
| 2015-10-01 | some radiusd updates, from theo buehler | Jason McIntyre | |
| 2015-09-23 | Don't be too agressive write-protecting the GOT and PLT. If we have no clue | Mark Kettenis | |
| where they end, there is a good chance they are sharing a page with .data, which obviously needs to remain writable. So only attempt to make them read-only if we know they have a non-zero size. Original diff from guenther@ based on an earlier diff from me. Fixes ld -Z on alpha. ok miod@, guenther@ | |||
| 2015-09-22 | Use explicit_bzero() to zero out the password. From Michael McConville. | Todd C. Miller | |
| 2015-09-19 | kbind has eliminated the need for and use of the bind lock. Delete it, the | Philip Guenther | |
| the callback, and the sigprocmask stub. Keep around the DL_SETBINDLCK case until libpthread stops using it. discussed with miod@ at l2k15 ok kettenis@ | |||
| 2015-09-19 | Remove PROT_EXEC bit from GOT_PERMS. ld.so doesn't need it anymore, and | Mark Kettenis | |
| rcrt0.o will add it for BSS-PLT binaries if necessary. ok guenther@ | |||
| 2015-09-19 | Make bootstrapping code compatible with the Secure-PLT ABI. | Mark Kettenis | |
| ok guenther@ | |||
| 2015-09-13 | Rename __sysctl syscall to just sysctl, as the userland wrapper is no longer | Philip Guenther | |
| necessary ok deraadt@ jsing@ | |||
| 2015-09-12 | Use kbind for lazy binding GOT/PLT updates on arm. | Philip Guenther | |
| While here add some gcc __predict hints. Much testing, discussion, pondering, and flailing from miod and deraadt ok miod@ | |||
| 2015-09-11 | add some missing .Cm macros and drop some redundant .Bk while here | Ingo Schwarze | |
| 2015-09-10 | read, tls_read, and tls_write return ssize_t | Bob Beck | |
| jointly with jsing@ | |||
| 2015-09-10 | fix after libtls api changes | Bob Beck | |
| ok jsing@ | |||
| 2015-09-09 | Some explicit iflush instructions after the kbind() call are still needed | Miod Vallat | |
| for now; misunderstanding between guenther@ and me. | |||
| 2015-09-06 | Check strdup return value for NULL. | Tobias Stoeckmann | |
| ok millert@ | |||
| 2015-09-01 | test pointers with NULL not '\0' | Jonathan Gray | |
| 2015-09-01 | Use kbind for lazy binding GOT/PLT updates on m88k and sparc. | Philip Guenther | |
| Much discussion with and assistance from miod and deraadt ok miod@ | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |