Age | Commit message | Author |
2015-11-02 | some tweaks to the signal code. | Ted Unangst |
2015-11-02 | use binary-search for pledge-request | Sebastien Marie |
2015-11-02 | move the pledgenote annotation from `struct proc' to `struct nameidata' | Sebastien Marie |
2015-11-02 | also handle the kill(self) case for threads; from Theo Buehler | Theo de Raadt |
2015-11-01 | refactor pledge_*_check and pledge_fail functions | Sebastien Marie |
2015-11-01 | Do not need to check the pledge control bits for system calls that are | Theo de Raadt |
2015-11-01 | uniformize "always allowed syscalls" with pledge | Sebastien Marie |
2015-10-31 | oops, forgot pselect! crazy how many interface the kernel has here. | Theo de Raadt |
2015-10-31 | expose the sysctl backing getloadavg(3) all the time, now that more | Theo de Raadt |
2015-10-29 | Add some setsockopt hacks for libisc, aka John Frum | Theo de Raadt |
2015-10-29 | Reorder system call table into sequential blocks of alike-functionality | Theo de Raadt |
2015-10-28 | cleanup indentation and comments in sysctl whitelist | Theo de Raadt |
2015-10-28 | merge whitelisted r/w paths and rd paths switch to only one. It becomes | Sebastien Marie |
2015-10-28 | make sys_chroot() only allowed to be used when pledged, with "rpath id proc". | Sebastien Marie |
2015-10-28 | refactor pledge_namei() a bit | Sebastien Marie |
2015-10-28 | canonpath() error isn't related to p_pledgenote requirement (only possible | Sebastien Marie |
2015-10-28 | in pledge_namei(), move PLEDGE_EXEC check sooner: it doesn't depend of path | Sebastien Marie |
2015-10-28 | Prevent F_SETOWN, unless a "proc" pledge was made. | Theo de Raadt |
2015-10-28 | The short-lived dnssocket/dnsconnect calls are being required because we | Theo de Raadt |
2015-10-28 | kern.cptime is length 2 | Theo de Raadt |
2015-10-28 | support kern.cptime also | Theo de Raadt |
2015-10-26 | Add ppoll() to "stdio" | Theo de Raadt |
2015-10-26 | Allow NET_RT_IFLIST in pledge "dns" as well | Theo de Raadt |
2015-10-26 | If the system call is entirely unpermitted, code will be 0, and there is | Theo de Raadt |
2015-10-26 | add setreuid/setregid to "id" | Theo de Raadt |
2015-10-26 | change some pledge_fail() error/code | Sebastien Marie |
2015-10-26 | make pledge_check(), used for syscall check with pledge, returns an error and | Sebastien Marie |
2015-10-25 | Fold "malloc" into "stdio" and -- recognizing that no program so far has | Theo de Raadt |
2015-10-25 | pledge_sockopt_check is shared between setsockopt/getsockopt. nicm | Theo de Raadt |
2015-10-25 | reorder some checks in pledge_namei() in order to properly work. | Sebastien Marie |
2015-10-25 | ps(1) needs sysctl KERN_PROC_CWD exposed as well in the pledge "ps" set. | Theo de Raadt |
2015-10-25 | For SYS_open let the /dev/null special case match if any TMN_RPATH, | Todd C. Miller |
2015-10-25 | Allow getsockopt(IP_OPTIONS) (with inet), needed by portmap (for RPC). | Nicholas Marriott |
2015-10-23 | Allow SIOCGIFINFO_IN6 | Theo de Raadt |
2015-10-23 | Introduce a new sysctl NET_RT_IFNAMES that returns only ifnames to ifindex | Claudio Jeker |
2015-10-23 | Add 3 new pledge requests. "ps" exposes enough sysctl information for | Theo de Raadt |
2015-10-23 | Allow hw.ncpu sysctl (a few reasons showed up in my mailbox rapidly..) | Theo de Raadt |
2015-10-22 | Further study shows "route" should allow all address families in NET_RT_DUMP | Theo de Raadt |
2015-10-22 | After some consideration, simply allow TIOCSCTTY in the "tty" pledge. | Theo de Raadt |
2015-10-20 | At guenther's suggestion replace dnssocket() with a SOCK_DNS flag on | Theo de Raadt |
2015-10-20 | Add SIOCGIFGMEMB to "route" (returns a list of all interfaces who are | Reyk Floeter |
2015-10-20 | clear whitelisted-paths view in pledge. | Sebastien Marie |
2015-10-20 | allow SO_ERROR all the time | Theo de Raadt |
2015-10-20 | Always allow the setsockopt & getsockopt system calls... however, in the | Theo de Raadt |
2015-10-19 | Allow setpriority in "proc" as well, since a few shells have "nice" | Theo de Raadt |
2015-10-19 | Print vnode type for sendfd/recvfd not file type, ok semarie | Nicholas Marriott |
2015-10-18 | Instead of fragile CMSG parsing, control pledge "sendfd" and "recvfd" | Theo de Raadt |
2015-10-18 | move SS_DNS socket check from kern_plegde.c to sys_generic.c | Sebastien Marie |
2015-10-18 | getting sloppy, lost a } | Theo de Raadt |
2015-10-18 | Move your drink further away... When a program pledged "getpw" fails to | Theo de Raadt |