Age | Commit message | Author |
2015-12-06 | Change kernel internal pledge variables to 64bit (to prepare for more | Theo de Raadt |
2015-12-05 | Study of kernel code complete. Permit ioctl SIOCGIFMEDIA for pledge | Theo de Raadt |
2015-12-04 | allow utrace(2) by default. | Theo de Raadt |
2015-12-04 | remove PLEDGE_INET granting when using "getpw" in YP environment | Sebastien Marie |
2015-12-04 | Add pledge "dpath", which provides access to mknod(2) and mkfifo(2). | Theo de Raadt |
2015-12-04 | Do not think atomicity is required here. In any case, prepare for | Theo de Raadt |
2015-12-03 | Remove the /usr/share/nls/ exception from pledge(2). The libc | Alexander Bluhm |
2015-12-03 | pledge(pf) needs to allow DIOCKILLSRCNODES, used in relayd. | Sebastian Benoit |
2015-11-29 | On a SMALL_KERNEL, pledge "pf" has to be a no-op. We cannot match | Theo de Raadt |
2015-11-29 | Add pledge "pf" which allows ioctls on pf(4). This will be used by | Sebastian Benoit |
2015-11-28 | pledge: allow getsockopt IP_IPDEFTTL with promise inet | Sebastian Benoit |
2015-11-27 | Two additional ioctls for pledge("disklabel"), needed by installboot. | Jeremie Courreges-Anglas |
2015-11-25 | permit kern.maxpartitions | Theo de Raadt |
2015-11-24 | Add sendsyslog2(), which accepts the syslog/openlog "logopt" flag | Theo de Raadt |
2015-11-23 | the "getpw" test for /dev/tty is only needed for readpassphrase(3), | Theo de Raadt |
2015-11-23 | need sys/device.h | Theo de Raadt |
2015-11-22 | For "disklabel", allow sysctl mach.chr2kblk and ioctl BIOCINQ/BIOCVOL | Theo de Raadt |
2015-11-22 | "getpw" should also allow access to /etc/netid | Theo de Raadt |
2015-11-20 | Permit msync(2) in the "stdio" set; only a few programs use it related | Theo de Raadt |
2015-11-20 | Add pledge "disklabel", which allows sysctl kern.rawpartition, a | Theo de Raadt |
2015-11-20 | Exempt accept(2) from the pledge_socket() check part of the "domain" | Theo de Raadt |
2015-11-18 | check domain and state of socket against pledge promise. | Sebastien Marie |
2015-11-17 | backout removal of SYS_break from stdio, suggested by deraadt@ | Stuart Henderson |
2015-11-17 | Allow sysctl kern.clockrate, kern.argmax, kern.ngroups, kern.sysvshm, | Theo de Raadt |
2015-11-16 | Allow TIOCEXT in pledge "tty" | Theo de Raadt |
2015-11-16 | Permit revoke(2) for a pledge "rpath tty" | Theo de Raadt |
2015-11-16 | brk/sbrk's use case is way too narrow to be a default stdio pledge. | Pascal Stumpf |
2015-11-14 | Add pathconf() to pledge "rpath"; ok guenther | Theo de Raadt |
2015-11-14 | For pledge "stdio", allow the break(2) system call which backends the brk/sbrk | Theo de Raadt |
2015-11-13 | All setsockopt IPPROTO_IPV6 IPV6_TCLASS (v4 calls this IP_TOS) | Theo de Raadt |
2015-11-10 | Split the intra-thread functionality from kill(2) into its own syscall | Philip Guenther |
2015-11-05 | revert sys/kern/kern_pledge.c 1.103 and reenable pledge in pwd_mkdb | Sebastien Marie |
2015-11-04 | pledge_ioctl only takes files, adjust prototype. ok semarie | Ted Unangst |
2015-11-04 | move /etc/spwd.db blacklist outside PLEDGE_GETPW check. | Sebastien Marie |
2015-11-03 | pledge_aftersyscall has been reduced to one case, "getpw", to open a | Theo de Raadt |
2015-11-02 | some tweaks to the signal code. | Ted Unangst |
2015-11-02 | use binary-search for pledge-request | Sebastien Marie |
2015-11-02 | move the pledgenote annotation from `struct proc' to `struct nameidata' | Sebastien Marie |
2015-11-02 | also handle the kill(self) case for threads; from Theo Buehler | Theo de Raadt |
2015-11-01 | refactor pledge_*_check and pledge_fail functions | Sebastien Marie |
2015-11-01 | Do not need to check the pledge control bits for system calls that are | Theo de Raadt |
2015-11-01 | uniformize "always allowed syscalls" with pledge | Sebastien Marie |
2015-10-31 | oops, forgot pselect! crazy how many interfaces the kernel has here. | Theo de Raadt |
2015-10-31 | expose the sysctl backing getloadavg(3) all the time, now that more | Theo de Raadt |
2015-10-29 | Add some setsockopt hacks for libisc, aka John Frum | Theo de Raadt |
2015-10-29 | Reorder system call table into sequential blocks of alike-functionality | Theo de Raadt |
2015-10-28 | cleanup indentation and comments in sysctl whitelist | Theo de Raadt |
2015-10-28 | merge whitelisted r/w paths and rd paths switch to only one. It becomes | Sebastien Marie |
2015-10-28 | make sys_chroot() only allowed to be used when pledged, with "rpath id proc". | Sebastien Marie |
2015-10-28 | refactor pledge_namei() a bit | Sebastien Marie |