Age | Commit message (Expand) | Author |
2017-01-26 | Allocate the mbuf before the netlock. While here, move the setting of | David Hill |
2017-01-25 | Allocate and connect sockets first, then upon success create file | Theo de Raadt |
2017-01-25 | Enable the NET_LOCK(), take 2. | Martin Pieuchot |
2017-01-24 | In accept(2) and accept4(2) allocate a new file descriptor before | Martin Pieuchot |
2016-12-29 | Change NET_LOCK()/NET_UNLOCK() to be simple wrappers around | Martin Pieuchot |
2016-12-19 | Introduce the NET_LOCK() a rwlock used to serialize accesses to the parts | Martin Pieuchot |
2016-11-29 | m_free() and m_freem() test for NULL. Simplify callers which had their own | Jonathan Gray |
2016-11-28 | Remove NULL checks before m_free{m,}(). | Martin Pieuchot |
2016-11-21 | Enforce that pr_usrreq functions are called at IPL_SOFTNET. | Martin Pieuchot |
2016-11-09 | Do not call splsoftnet() recursively, this won't work with a lock. | Martin Pieuchot |
2016-10-23 | unbreak by fixing obvious pastos | Christian Weisgerber |
2016-10-23 | handle non-INET6 kernels in some way | Theo de Raadt |
2016-10-23 | dns hijacking must be af specific. move it into the port check function, | Ted Unangst |
2016-10-08 | Add ktracing of the fds returned by pipe() and socketpair() | Philip Guenther |
2016-10-07 | introduce a sysctl to hijack dns sockets. when set to a port number, | Ted Unangst |
2016-08-09 | When interrupted, connect() should leave the socket connecting in the | Philip Guenther |
2016-05-18 | Remove unnecessary cast of buflen to u_int in sockargs(). This was | Todd C. Miller |
2016-01-08 | On the recvmsg() side, cmsgs are in mbuf chains, not a contiguous buffer. | Philip Guenther |
2015-12-05 | remove stale lint annotations | Ted Unangst |
2015-11-21 | remove completely pledge_socket() from listen(2) and accept(2). | Sebastien Marie |
2015-11-20 | Neuter the pledge domain checking for listen, getpeername, and getsockname | Theo de Raadt |
2015-11-20 | Exempt accept(2) from the pledge_socket() check part of the "domain" | Theo de Raadt |
2015-11-19 | corrects leaks refs to files introduced by my previous commit for pledge_socket. | Sebastien Marie |
2015-11-18 | check domain and state of socket against pledge promise. | Sebastien Marie |
2015-11-08 | pull initialization up before poosible goto bad, from Mark Latimer | Ted Unangst |
2015-11-01 | refactor pledge_*_check and pledge_fail functions | Sebastien Marie |
2015-10-28 | more accurate pledge_fail() error and code for sys_socket | Sebastien Marie |
2015-10-28 | The short-lived dnssocket/dnsconnect calls are being required because we | Theo de Raadt |
2015-10-26 | dns check needs to be done on the kernel address after copyin | Ted Unangst |
2015-10-25 | Fold "malloc" into "stdio" and -- recognizing that no program so far has | Theo de Raadt |
2015-10-25 | pledge_sockopt_check is shared between setsockopt/getsockopt. nicm | Theo de Raadt |
2015-10-20 | At guenther's suggestion replace dnssocket() with a SOCK_DNS flag on | Theo de Raadt |
2015-10-20 | Always allow the setsockopt & getsockopt system calls... however, in the | Theo de Raadt |
2015-10-18 | Instead of fragile CMSG parsing, control pledge "sendfd" and "recvfd" | Theo de Raadt |
2015-10-18 | Add two new system calls: dnssocket() and dnsconnect(). This creates a | Theo de Raadt |
2015-10-16 | delete pledge_bind_check() function and remove pledge_bind_check() call from ... | Sebastien Marie |
2015-10-09 | Rename tame() to pledge(). This fairly interface has evolved to be more | Theo de Raadt |
2015-10-06 | Rework the tame cmsg handler to make it work both ways. While on recv one | Claudio Jeker |
2015-09-29 | Save a lot of people grief. tame()'d CMSG reception is busted and it | Theo de Raadt |
2015-09-11 | Convert _TM_ flags to TAME_ flags, collapsing the entire mapping | Theo de Raadt |
2015-09-11 | Only include <sys/tame.h> in the .c files that need it | Philip Guenther |
2015-08-22 | Move to tame(int flags, char *paths[]) API/ABI. | Theo de Raadt |
2015-07-28 | Add ktracing of structs iovec, msghdr, and cmsghdr for {,p}{read,write}v(), | Philip Guenther |
2015-07-27 | tame check of msghdr should be done after checking for copyin failure | Philip Guenther |
2015-07-19 | tame(2) is a subsystem which restricts programs into a "reduced feature | Theo de Raadt |
2015-07-17 | In socketpair(), need to mask the type argument when testing for dgram. | Philip Guenther |
2015-05-21 | Rename caddr_t p to cp in an inner block to avoid aliasing the outer | Nicholas Marriott |
2015-05-06 | Pass a thread pointer instead of its file descriptor table to getsock(9). | Martin Pieuchot |
2015-03-14 | Remove some includes include-what-you-use claims don't | Jonathan Gray |
2015-01-19 | Move doaccept() declaration from its .c file to sys/socketvar.h for use | Philip Guenther |