| Age | Commit message (Expand) | Author |
|---|
| 2016-11-09 | Do not call splsoftnet() recursively, this won't work with a lock. | Martin Pieuchot |
| 2016-10-23 | unbreak by fixing obvious pastos | Christian Weisgerber |
| 2016-10-23 | handle non-INET6 kernels in some way | Theo de Raadt |
| 2016-10-23 | dns hijacking must be af specific. move it into the port check function, | Ted Unangst |
| 2016-10-08 | Add ktracing of the fds returned by pipe() and socketpair() | Philip Guenther |
| 2016-10-07 | introduce a sysctl to hijack dns sockets. when set to a port number, | Ted Unangst |
| 2016-08-09 | When interrupted, connect() should leave the socket connecting in the | Philip Guenther |
| 2016-05-18 | Remove unnecessary cast of buflen to u_int in sockargs(). This was | Todd C. Miller |
| 2016-01-08 | On the recvmsg() side, cmsgs are in mbuf chains, not a contiguous buffer. | Philip Guenther |
| 2015-12-05 | remove stale lint annotations | Ted Unangst |
| 2015-11-21 | remove completely pledge_socket() from listen(2) and accept(2). | Sebastien Marie |
| 2015-11-20 | Neuter the pledge domain checking for listen, getpeername, and getsockname | Theo de Raadt |
| 2015-11-20 | Exempt accept(2) from the pledge_socket() check part of the "domain" | Theo de Raadt |
| 2015-11-19 | corrects leaks refs to files introduced by my previous commit for pledge_socket. | Sebastien Marie |
| 2015-11-18 | check domain and state of socket against pledge promise. | Sebastien Marie |
| 2015-11-08 | pull initialization up before poosible goto bad, from Mark Latimer | Ted Unangst |
| 2015-11-01 | refactor pledge_*_check and pledge_fail functions | Sebastien Marie |
| 2015-10-28 | more accurate pledge_fail() error and code for sys_socket | Sebastien Marie |
| 2015-10-28 | The short-lived dnssocket/dnsconnect calls are being required because we | Theo de Raadt |
| 2015-10-26 | dns check needs to be done on the kernel address after copyin | Ted Unangst |
| 2015-10-25 | Fold "malloc" into "stdio" and -- recognizing that no program so far has | Theo de Raadt |
| 2015-10-25 | pledge_sockopt_check is shared between setsockopt/getsockopt. nicm | Theo de Raadt |
| 2015-10-20 | At guenther's suggestion replace dnssocket() with a SOCK_DNS flag on | Theo de Raadt |
| 2015-10-20 | Always allow the setsockopt & getsockopt system calls... however, in the | Theo de Raadt |
| 2015-10-18 | Instead of fragile CMSG parsing, control pledge "sendfd" and "recvfd" | Theo de Raadt |
| 2015-10-18 | Add two new system calls: dnssocket() and dnsconnect(). This creates a | Theo de Raadt |
| 2015-10-16 | delete pledge_bind_check() function and remove pledge_bind_check() call from ... | Sebastien Marie |
| 2015-10-09 | Rename tame() to pledge(). This fairly interface has evolved to be more | Theo de Raadt |
| 2015-10-06 | Rework the tame cmsg handler to make it work both ways. While on recv one | Claudio Jeker |
| 2015-09-29 | Save a lot of people grief. tame()'d CMSG reception is busted and it | Theo de Raadt |
| 2015-09-11 | Convert _TM_ flags to TAME_ flags, collapsing the entire mapping | Theo de Raadt |
| 2015-09-11 | Only include <sys/tame.h> in the .c files that need it | Philip Guenther |
| 2015-08-22 | Move to tame(int flags, char *paths[]) API/ABI. | Theo de Raadt |
| 2015-07-28 | Add ktracing of structs iovec, msghdr, and cmsghdr for {,p}{read,write}v(), | Philip Guenther |
| 2015-07-27 | tame check of msghdr should be done after checking for copyin failure | Philip Guenther |
| 2015-07-19 | tame(2) is a subsystem which restricts programs into a "reduced feature | Theo de Raadt |
| 2015-07-17 | In socketpair(), need to mask the type argument when testing for dgram. | Philip Guenther |
| 2015-05-21 | Rename caddr_t p to cp in an inner block to avoid aliasing the outer | Nicholas Marriott |
| 2015-05-06 | Pass a thread pointer instead of its file descriptor table to getsock(9). | Martin Pieuchot |
| 2015-03-14 | Remove some includes include-what-you-use claims don't | Jonathan Gray |
| 2015-01-19 | Move doaccept() declaration from its .c file to sys/socketvar.h for use | Philip Guenther |
| 2015-01-19 | Delete ABI compat for osockaddr: 20 years and many ABI bumps since sa_len added | Philip Guenther |
| 2014-12-13 | yet more mallocarray() changes. | Doug Hogan |
| 2014-12-11 | convert bcopy to memcpy/memmove. ok krw | Ted Unangst |
| 2014-12-09 | More malloc() -> mallocarray() in the kernel. | Doug Hogan |
| 2014-12-02 | In sys_socket() and doaccept(), gotta skip setting the close-on-exec | Philip Guenther |
| 2014-09-09 | Delete the SS_ISCONFIRMING flag that supported delayed connection | Philip Guenther |
| 2014-08-31 | Add additional kernel interfaces for setting close-on-exec on fds | Philip Guenther |
| 2014-07-13 | pass the size to free in some of the obvious cases | Ted Unangst |
| 2014-07-12 | add a size argument to free. will be used soon, but for now default to 0. | Ted Unangst |
