| Age | Commit message (Expand) | Author |
|---|
| 2015-10-22 | Further study shows "route" should allow all address families in NET_RT_DUMP | Theo de Raadt |
| 2015-10-22 | After some consideration, simply allow TIOCSCTTY in the "tty" pledge. | Theo de Raadt |
| 2015-10-20 | At guenther's suggestion replace dnssocket() with a SOCK_DNS flag on | Theo de Raadt |
| 2015-10-20 | Add SIOCGIFGMEMB to "route" (returns a list of all interfaces who are | Reyk Floeter |
| 2015-10-20 | clear whitelisted-paths view in pledge. | Sebastien Marie |
| 2015-10-20 | allow SO_ERROR all the time | Theo de Raadt |
| 2015-10-20 | Always allow the setsockopt & getsockopt system calls... however, in the | Theo de Raadt |
| 2015-10-19 | Allow setpriority in "proc" as well, since a few shells have "nice" | Theo de Raadt |
| 2015-10-19 | Print vnode type for sendfd/recvfd not file type, ok semarie | Nicholas Marriott |
| 2015-10-18 | Instead of fragile CMSG parsing, control pledge "sendfd" and "recvfd" | Theo de Raadt |
| 2015-10-18 | move SS_DNS socket check from kern_plegde.c to sys_generic.c | Sebastien Marie |
| 2015-10-18 | getting sloppy, lost a } | Theo de Raadt |
| 2015-10-18 | Move your drink further away... When a program pledged "getpw" fails to | Theo de Raadt |
| 2015-10-18 | TIOCSTI and TIOCSCTTY; oops got the condition backwards. | Theo de Raadt |
| 2015-10-18 | Allow read/write access to /dev/tty when using "tty" pledge. | Doug Hogan |
| 2015-10-18 | Add two new system calls: dnssocket() and dnsconnect(). This creates a | Theo de Raadt |
| 2015-10-17 | naddy asks me if __tfork should be allowed by "proc". yes! | Theo de Raadt |
| 2015-10-17 | Allow the nasty ioctl TIOCSTI in "tty", but also require the "proc" | Theo de Raadt |
| 2015-10-17 | better wording in a comment | Theo de Raadt |
| 2015-10-17 | Unify TIOCGPGRP/TIOCGWINSZ/TIOCGWINSZ behaviour regarding ENOTTY return. | Theo de Raadt |
| 2015-10-17 | Allow TIOCSCTTY on tty devices, if the pledge says "tty id" | Theo de Raadt |
| 2015-10-17 | whitespace | Theo de Raadt |
| 2015-10-17 | Add pledge "id" support. This request permits setuid/seteuid/setresuid, | Theo de Raadt |
| 2015-10-17 | Allow a few 'get' ioctls for pledge("route"). route6d will soon use this. | Jeremie Courreges-Anglas |
| 2015-10-16 | Also allow 6 as a miblen for NET_RT_DUMP, not all users specify a rtable. | Jeremie Courreges-Anglas |
| 2015-10-16 | Repair the pty check for kernels without pty support. | Theo de Raadt |
| 2015-10-16 | Allow PTMGET with "tty rpath wpath" but restrict only to /dev/ptm by | Nicholas Marriott |
| 2015-10-16 | Always allow a r/w opening of /dev/null though the namei check. This | Theo de Raadt |
| 2015-10-16 | delete pledge_bind_check() function and remove pledge_bind_check() call from ... | Sebastien Marie |
| 2015-10-16 | Place TIOCSTI reminder block better | Theo de Raadt |
| 2015-10-16 | For "tty" pledges, treat TIOCGPGRP and TIOCGWINSZ like TIOCGETA - | Theo de Raadt |
| 2015-10-16 | Implement real "flock" request and add it to userland programs that | Todd C. Miller |
| 2015-10-16 | FIOSETOWN/FIOGETOWN were added to "ioctl", but study finds no programs | Theo de Raadt |
| 2015-10-16 | Add TIOCCBRK and TIOCSDTR to the whitelist for pledge ioctl. | Doug Hogan |
| 2015-10-15 | Add TIOCFLUSH to "tty" in support of tcflush() | Theo de Raadt |
| 2015-10-15 | Exposing FIOASYNC in pledge "ioctl" is a mistake; remove it, cannot find safe... | Theo de Raadt |
| 2015-10-15 | FIOCLEX & FIONCLEX should be in base ioctl set | Theo de Raadt |
| 2015-10-14 | FALTHROUGH->FALLTHROUGH in comment, ok deraadt a few days ago | Stuart Henderson |
| 2015-10-14 | Add a dummy "flock" request that will allow file locking. It is | Todd C. Miller |
| 2015-10-14 | When pledged with "fattr", allow chown to supplimentary groups. This | Theo de Raadt |
| 2015-10-14 | pledge "tty" can allow ioctl TIOCEXCL on a tty | Theo de Raadt |
| 2015-10-14 | sendmsg() is allowed to pass cmsg's which are not CMSG_RIGHTS - last | Theo de Raadt |
| 2015-10-13 | 3 more headers required for one stinking inet6 ioctl.. | Theo de Raadt |
| 2015-10-13 | Allow ioctl SIOCGNBRINFO_IN6 in case of "route", for use by ndp. | Theo de Raadt |
| 2015-10-13 | NET_RT_FLAGS must also accept a proto selection. | Theo de Raadt |
| 2015-10-13 | allow getsockopt IP_RECVDSTPORT & IPV6_RECVDSTPORT for an "inet" pledge | Theo de Raadt |
| 2015-10-13 | Pledge "fattr" request should allow fchflags(). | Doug Hogan |
| 2015-10-12 | pledge "proc" request should allow setsid() | Theo de Raadt |
| 2015-10-12 | Remove the "cmsg" attribute, as promised. Use "sendfd" or "recvfd", | Theo de Raadt |
| 2015-10-11 | add a missed check for PLEDGE_RPATH when reading a file. | Sebastien Marie |
