Age | Commit message (Collapse) | Author | |
---|---|---|---|
2015-12-02 | in response to EHLO, don't offer STARTTLS if we already completed the | Henning Brauer | |
STARTTLS dance. ok millert | |||
2015-12-02 | I misread the standard when adding TLS; clients are supposed to start over | Henning Brauer | |
and issue a new EHLO after STARTTLS. The misunderstaning seems to be common, so we'll still grok MAIL FROM right after the STARTTLS dance, as well as accepting a second EHLO. ok phessler beck millert | |||
2015-12-02 | fix error messages to say tls_write after tls_write and not tls_read... | Henning Brauer | |
with bluhm | |||
2015-12-01 | knock out duplicate rcs id; | Jason McIntyre | |
2015-12-01 | needs utf8.c from the ls tree also | Theo de Raadt | |
2015-12-01 | rpc.rstatd(8) and rpc.rusersd(8) don't run as user nobody for quite some time. | Tim van der Molen | |
2015-12-01 | Remove superfluous check; "Of course" deraadt@ | Tim van der Molen | |
2015-12-01 | Don't fall back to user nobody if _rusersd doesn't exist; "Of course!" deraadt@ | Tim van der Molen | |
2015-11-29 | Document that the pfdev check for 63 is /dev/fd/ only contains those nodes | Theo de Raadt | |
2015-11-26 | passwd no longer has an -l flag; ok deraadt | Jason McIntyre | |
2015-11-26 | pledge in login_radius(8). | YASUOKA Masahiko | |
ok deraadt | |||
2015-11-26 | rpc.yppasswdd goes to the bitbucket. | Theo de Raadt | |
(The story is that some people do use YP still as a libc -> non-file lookup mechanism; some of them with standard ypbind/ypserv, but more of them with ypbind/ypldap. That however does not justify these cruddy tools dealing with passwords, which are more likely to contain problems) | |||
2015-11-26 | Delete YP password related code. As a result, these can also be | Theo de Raadt | |
pledged. Keep an eye out for regressions, because they could be uncomfortable. ok beck semarie | |||
2015-11-25 | rename internally to ntalkd, after the binary; this way both | Jason McIntyre | |
"man talkd" and "man ntalkd" work; issue reported by sobrado; fix from schwarze | |||
2015-11-24 | missing pledge "getpw" | Theo de Raadt | |
2015-11-21 | zap the yppasswdd mlink, at ingo's behest (its original purpose being, | Jason McIntyre | |
obviously, to provide a drunk spell test); | |||
2015-11-21 | remove mlinks for aliases: ntalkd, mfs, updatedb | Jason McIntyre | |
ok schwarze | |||
2015-11-20 | Remove login_tis, no one should be using the TIS authentication | Todd C. Miller | |
server these days. | |||
2015-11-19 | Call syslog() if login_* pledge fails; OK deraadt@ | Todd C. Miller | |
2015-11-18 | use _shadow getpw functions. these utilities obviously deal with hashes. | Ted Unangst | |
2015-11-16 | Observe that FIOASYNC clearing for stdin is only done in the case where | Theo de Raadt | |
getty receives the fd from init, so hoist it upwards. Since revoke(2) is now allowed by pledge "rpath tty", the pledges can be hoisted much higher. ok millert semarie tedu guenther | |||
2015-11-16 | don't need to ifdef setproctitle | Ted Unangst | |
2015-11-15 | ldd(1) sets environment variable LD_TRACE_LOADED_OBJECTS to tell ld.so | Theo de Raadt | |
that it should show information about the program it loads, rather than run it. In that specific case, ld.so can pledge to "stdio rpath" to ensure that code path in ld.so has no bugs. Yes, a pledge in ld.so.... who'd have thought! ok guenther | |||
2015-11-15 | pledge "stdio rpath wpath cpath tmppath fattr" | Theo de Raadt | |
ok guenther | |||
2015-11-13 | 4-step pledge in a program noone really uses anymore. | Theo de Raadt | |
pledge "stdio inet dns proc exec" at startup. In the logging codepath, "stdio dns proc exec" after getpeername() drop to stdio proc exec(), before fork / execve Parent moving data out of the pipe only needs "stdio" | |||
2015-11-13 | _exit() in the child; as a result, must use syslog() directly. | Theo de Raadt | |
2015-11-06 | further PPP reduction, hint from sthen | Ted Unangst | |
2015-11-06 | remove ppplogin support. ok sthen | Ted Unangst | |
2015-11-06 | Fix unloading of load groups when the last reference wasn't on the | Philip Guenther | |
load_object but rather some descendent. Detect that case in _dl_unload_shlib() and switch to unloading the entire group. Based on partial analyses by Henri Kemppainen (duclare (at) guu.fi) and Peter Hajdu (peter.ferenc.hajdu (at) gmail.com) ok millert@ | |||
2015-11-02 | Remove duplicate declaration | Philip Guenther | |
2015-11-02 | Factor out the logic for mprotecting the memory between two symbols into | Philip Guenther | |
a new MI routine _dl_protect_segment(), and use that for protecting the GOT and--on some archs--the PLT. Amazing testing turnaround by miod@, who apparently violated relativity to get back results on some archs as fast as he did | |||
2015-11-02 | Fix typo: s/DT_JUMPREL/DT_JMPREL/ | Philip Guenther | |
2015-10-29 | remove tests for LD_HINTS_VERSION_1; ok kettenis | Theo de Raadt | |
2015-10-25 | No longer create /var/run/ftpd.pid in daemon mode; OK jung@ jca@ | Todd C. Miller | |
2015-10-25 | unifdef some oldness. (BSD not defined since removal of param.h) | Ted Unangst | |
ok jca sthen | |||
2015-10-25 | No need to declare pwd_gensalt; it's unused and gone. | Antoine Jacoutot | |
ok tedu@ | |||
2015-10-24 | Don't compile pwd_gensalt, it's not needed since we use crypt_checkpass. | Antoine Jacoutot | |
ok tedu@ | |||
2015-10-22 | Add pledge support to login_yubikey. Much feedback and OK millert@ | Brandon Mercer | |
2015-10-22 | use crypt_checkpass("password", NULL) to fake a login instead of bcrypt | Ted Unangst | |
2015-10-22 | use crypt_checkpass to check password | Ted Unangst | |
2015-10-22 | use crypt_checkpass instead of doing things the hard way with crypt. | Ted Unangst | |
2015-10-19 | Delete the empty example file "ftpchroot"; no example is needed. | Ingo Schwarze | |
Move the one useful bit of information contained in the file ("one user name per line") to the ftpd(8) manual page where it belongs. OK deraadt@ sthen@ | |||
2015-10-17 | login_token needs pledge "flock" now. | Alexander Bluhm | |
OK millert@ | |||
2015-10-16 | Hoist clearing of FIOASYNC to much earlier, then getty can use | Theo de Raadt | |
pledge "stdio rpath fattr proc exec tty". | |||
2015-10-16 | Implement real "flock" request and add it to userland programs that | Todd C. Miller | |
use pledge and file locking. OK deraadt@ | |||
2015-10-15 | Pledge login_token with "stdio rpath wpath cpath fattr getpw tty". | Alexander Bluhm | |
OK deraadt@ | |||
2015-10-14 | Check mmap and read return values. While at it, remove unused duplicated file. | Tobias Stoeckmann | |
ok millert@ | |||
2015-10-14 | pledge "stdio rpath" is good enough for these mainline BSD auth login | Theo de Raadt | |
programs. (I am very surprised pledge ended up working for programs like this) ok semarie millert | |||
2015-10-13 | pledge "stdio rpath wpath cpath fattr"; fattr due to locking code borrowed | Theo de Raadt | |
from mail.local | |||
2015-10-12 | Call pledge(2) after initial getsockname(2) to avoid "inet" addition. | Masao Uebayashi | |
From & OK deraadt@ |