src - OpenBSD base system

Age	Commit message (Collapse)	Author
2017-10-07	In "tty", permitting TIOCSTART is fine	Theo de Raadt

2017-10-07	permit SYS___set_tcb, upcoming code will require this	Theo de Raadt

2017-09-08	If you use sys/param.h, you don't need sys/types.h	Theo de Raadt

2017-08-29	Remove old deactivated pledge path code. A replacement mechanism is	Theo de Raadt
	being brewed. ok beck
2017-08-21	Allow SIOCGIFAFLAG_IN6 and SIOCGIFALIFETIME_IN6 ioctls with	Florian Obser
	pledge("route"). These are read only and expose only minimal kernel code. slaacd(8) needs this on startup and when an interface gains the autoconf6 flag to get lifetime and autoconf information about already configured addresses. OK deraadt
2017-07-28	Allow SIOCGIFDESCR with "route" promise in preparation for pledging snmpd.	rob
	ok deraadt@ benno@
2017-06-29	Due to risks known for decades, TIOCSTI now performs no action, and simply	Theo de Raadt
	returns EIO. The base system has been cleaned of TIOCSTI uses (collaboration between anton and I), and the ports tree appears mostly clean. A few stragglers may be discovered and cleaned up later... In a month or so, we should see if the #define can be removed entirely. ok anton tedu, support from millert
2017-06-21	Permit TIOCSTAT on a tty.	Theo de Raadt

2017-06-19	Terminate pledge log(9) with newline. This fixes dmesg(8) output.	Alexander Bluhm
	found by regress/sys/kern/pledge/generic; OK deraadt@
2017-06-12	Pledge is fairly done, so the kernel printf's can be converted to log()	Theo de Raadt
	calls. They'll be a little less visible, but still in the system logs. ok bluhm
2017-06-07	Add an acct(5) flag for pledge violations. Then lastcomm(1) shows	Alexander Bluhm
	when something went wrong. This allows to monitor whether the system is under attack and that the attack has been prevented by OpenBSD pledge(2). OK deraadt@ millert@ jmc@
2017-06-03	Avoid printing garbage when aborting a program that tries to use a	Theo Buehler
	prohibited sysctl. ok deraadt
2017-05-30	getrtable() is now permitted in "stdio". It carries no risk factors.	Theo de Raadt

2017-05-21	Enable radeondrm(4) on loongson to get accelerated graphics	Visa Hankala
	with the RS780E chipset. OK kettenis@, jsg@
2017-05-02	Stricter pledge for bpf. ok deraadt	Martin Natano

2017-04-29	Mark futex(2) as PLEDGE_STDIO like all other thread-related syscalls.	Martin Pieuchot
	From semarie@, ok deraadt@
2017-04-28	Add futex(2) syscall based on a sane subset of its Linux equivalent.	Martin Pieuchot
	The syscall is marked NOLOCK and only FUTEX_WAIT grabs the KERNEL_LOCK() because of PCATCH and the signal nightmare. Serialization of threads is currently done with a global & exclusive rwlock. Note that the current implementation still use copyin(9) which is not guaranteed to be atomic. Committing now such that remaining issues can be addressed in-tree. With inputs from guenther@, kettenis@ and visa@. ok deraadt@, visa@
2017-04-20	only 32 bits of the pledgecode were passed up via ktrace	Theo de Raadt
	from Anton Lindqvist ok semarie
2017-04-17	matthieu@ observes % pax (without any arguments) hits pledge violation,	Theo de Raadt
	because it tries MTIOCTOP against stdin, the tty. It is very inconvenient to use isatty to distinguish this difference in userland, so return ENOTTY for tty devices. ok natano
2017-04-13	Delete the getlogin59 syscall, which was last used one year, two releases,	Philip Guenther
	and four libc major versions ago ok sthen@ jsing@ deraadt@ jca@
2017-04-11	Add SIOCATMARK to allow pledge("inet") programs to call sockatmark(3).	Alexander Bluhm
	from Matthias Pitzl; OK deraadt@
2017-03-30	correct NBPFILTER #ifdef's	Theo de Raadt
	from sthen and others
2017-03-28	Allow the multicast ttl/hops and loop options with the mcast pledge.	Alexander Bluhm
	from Matthias Pitzl; OK deraadt@
2017-03-27	wrap bpf pledge code in #if BPFFILTER	Theo de Raadt

2017-03-26	Inside pledge_ioctl, wrap #if's around the complete sub-blocks.	Theo de Raadt

2017-03-26	For the tape ioctls, recognize that block devices don't exist anymore.	Theo de Raadt
	Also fail if the descriptor is actually a tty. ok guenther
2017-03-18	The "ioctl" pledge which was had functionality split out into "tape",	Theo de Raadt
	"bpf", and "inet" can finally go away. Use a snapshot if you get into trouble, most likely in pax..
2017-03-14	Allow SIOCGIFXFLAGS in pledge("route") along side SIOCGIFFLAGS, needed	Florian Obser
	for upcoming IPv6 stateless address autoconfiguration daemon to see if autoconfiguration and autoconfprivacy are enabled. Input semarie@; OK deraadt@
2017-03-11	pax conversion was missed; give this another week	Theo de Raadt

2017-03-11	remove pledge "ioctl" backwards compat	Theo de Raadt

2017-01-23	Backwards compat for pledge "ioctl" for about a week	Theo de Raadt

2017-01-23	Split pledge "ioctl" into "tape" and "bpf", and allow SIOCGIFGROUP only	Theo de Raadt
	upon "inet". Adjust the 4 programs that care about this.
2017-01-23	whitespace	Theo de Raadt

2017-01-21	p_comm is the process's command and isn't per thread, so move it from	Philip Guenther
	struct proc to struct process. ok deraadt@ kettenis@
2016-11-13	Fix typo in comment: it's vm.loadavg, not kern.loadavg.	Theo Buehler
	From patrick keshishian
2016-10-27	For consistency, allow symlinkat(2) in the same way as symlink(2);	Ingo Schwarze
	no need to wait until the first program using it breaks... "could make sense" semarie@ (and thanks for the cluestick) OK deraadt@
2016-10-21	pledge changes needed to support pledging vmd(8) on i386, forthcoming.	Mike Larkin
	ok deraadt@
2016-10-06	In pledge_namei_wlpath() if resolvpath() errors out early it will not	Jonathan Gray
	set variables that will be later used as the size argument to free(NULL calls. This should be harmless as free returns early if the address is NULL without checking the size. Initialise these variables before the call to ensure they are never passed to another function uninitialised. ok tedu@ millert@ deraadt@
2016-10-05	Display the process's PID with p->p_p->ps_pid, not p->p_pid.	Philip Guenther
	Use a local variable struct process *pr to simplify expressions ok deraadt@
2016-09-17	NPF > 0 is a better test than SMALL for presence of pf.	Ted Unangst
	ok deraadt
2016-09-04	Remove sys_o58_kill since OpenBSD 6.0 has been tagged/released.	Joel Sing
	ok deraadt@
2016-08-31	Delete unused ioctls and associated macros. Move macros that are still	Alexandre Ratchov
	used internally by low-level drivers from sys/audioio.h to dev/audio_if.h instead of deleting them.
2016-07-28	Revert previous commit	Mike Belopuhov

2016-07-28	Convert ifq_deq_{begin,rollback,commit} dance to a single ifq_dequeue	Mike Belopuhov

2016-07-12	remove more noisy messages in "sendfd" and "recvfd"	Theo de Raadt

2016-07-11	be less noisy on console in case of "recvfd" refusal	Theo de Raadt
	ok semarie
2016-07-10	pledge: use uint64_t instead of int for temporary storing a 64bit integer	Sebastien Marie
	affects only 32 bits platform (like i386). problem spotted and diff from pelikan@ ok deraadt@ jca@
2016-07-10	Paranoia: check KTRPOINT() before calling ktrpledge() to guarantee we	Philip Guenther
	can't (in the future) loop from ktrace writing hitting a pledge condition. diff from Michal Mazurek (akfaew (at) jasminek.net)
2016-07-03	introduces new promise "chown" to allow changing owner/group with *chown(2) ↵	Sebastien Marie
	family it splits PLEDGE_FATTR in two ("fattr" stills grant the 2 flags, so no functional changes): - PLEDGE_CHOWN : to be able to call chown(2) syscalls - PLEDGE_FATTR : the rest it introduces "chown" which grant: - PLEDGE_CHOWN : be able to call chown(2) - PLEDGE_CHOWNUID : be able to modifying owner/group ok deraadt@ tedu@
2016-06-28	in pledgereq (the array for doing correspondance between textual promise as ↵	Sebastien Marie
	in pledge(2) and internal PLEDGE_* flag), the flags member should be a uint64_t and not a int. ok deraadt@