| Age | Commit message (Expand) | Author |
|---|
| 2015-11-23 | the "getpw" test for /dev/tty is only needed for readpassphrase(3), | Theo de Raadt |
| 2015-11-23 | Do not include <sys/atomic.h> inside <sys/refcnt.h>. | Martin Pieuchot |
| 2015-11-23 | need sys/device.h | Theo de Raadt |
| 2015-11-22 | For "disklabel", allow sysctl mach.chr2kblk and ioctl BIOCINQ/BIOCVOL | Theo de Raadt |
| 2015-11-22 | "getpw" should also allow access to /etc/netid | Theo de Raadt |
| 2015-11-21 | Retire ml_requeue(9) and mq_requeue(9). | Martin Pieuchot |
| 2015-11-21 | remove completely pledge_socket() from listen(2) and accept(2). | Sebastien Marie |
| 2015-11-20 | Neuter the pledge domain checking for listen, getpeername, and getsockname | Theo de Raadt |
| 2015-11-20 | Permit msync(2) in the "stdio" set; only a few programs use it related | Theo de Raadt |
| 2015-11-20 | Add pledge "disklabel", which allows sysctl kern.rawpartition, a | Theo de Raadt |
| 2015-11-20 | Exempt accept(2) from the pledge_socket() check part of the "domain" | Theo de Raadt |
| 2015-11-20 | VISTTY check in revoke() is not working well for the non-indirected | Theo de Raadt |
| 2015-11-20 | Fix whitespace. No binary change. | Jonathan Gray |
| 2015-11-19 | dont try and wakeup other threads to handle pending work when we | David Gwynne |
| 2015-11-19 | corrects leaks refs to files introduced by my previous commit for pledge_socket. | Sebastien Marie |
| 2015-11-18 | check domain and state of socket against pledge promise. | Sebastien Marie |
| 2015-11-18 | In sys_revoke, inspect the VISTTY flag on the backside of VOP_GETATTR, | Theo de Raadt |
| 2015-11-17 | backout removal of SYS_break from stdio, suggested by deraadt@ | Stuart Henderson |
| 2015-11-17 | Allow sysctl kern.clockrate, kern.argmax, kern.ngroups, kern.sysvshm, | Theo de Raadt |
| 2015-11-16 | Allow TIOCEXT in pledge "tty" | Theo de Raadt |
| 2015-11-16 | Permit revoke(2) for a pledge "rpath tty" | Theo de Raadt |
| 2015-11-16 | Only perform revoke(2) on tty cdevs. Others paths return ENOTTY. | Theo de Raadt |
| 2015-11-16 | In getdevvp() set the VISTTY flag on a vnode to indicate the underlying | Theo de Raadt |
| 2015-11-16 | brk/sbrk's use case is way too narrow to be a default stdio pledge. | Pascal Stumpf |
| 2015-11-14 | Add pathconf() to pledge "rpath"; ok guenther | Theo de Raadt |
| 2015-11-14 | For pledge "stdio", allow the break(2) system call which backends the brk/sbrk | Theo de Raadt |
| 2015-11-13 | All setsockopt IPPROTO_IPV6 IPV6_TCLASS (v4 calls this IP_TOS) | Theo de Raadt |
| 2015-11-13 | Use ph_ prefix for tag-related fields. | Martin Pieuchot |
| 2015-11-12 | Prefix flowid with ph_ and print it in m_print(). | Martin Pieuchot |
| 2015-11-11 | ktrace vnodes do not need to be opened with FREAD, as they are | Theo de Raadt |
| 2015-11-10 | regen | Philip Guenther |
| 2015-11-10 | Split the intra-thread functionality from kill(2) into its own syscall | Philip Guenther |
| 2015-11-08 | pull initialization up before poosible goto bad, from Mark Latimer | Ted Unangst |
| 2015-11-08 | keep all the setperf timeout(9) handling in one place; ok tedu@ | Christian Weisgerber |
| 2015-11-05 | revert sys/kern/kern_pledge.c 1.103 and reenable pledge in pwd_mkdb | Sebastien Marie |
| 2015-11-04 | pledge_ioctl only takes files, adjust prototype. ok semarie | Ted Unangst |
| 2015-11-04 | move /etc/spwd.db blacklist outside PLEDGE_GETPW check. | Sebastien Marie |
| 2015-11-03 | AF_UNIX connect is a "unix" operation, not "rpath wpath" | Theo de Raadt |
| 2015-11-03 | pledge_aftersyscall has been reduced to one case, "getpw", to open a | Theo de Raadt |
| 2015-11-02 | some tweaks to the signal code. | Ted Unangst |
| 2015-11-02 | use binary-search for pledge-request | Sebastien Marie |
| 2015-11-02 | move the pledgenote annotation from `struct proc' to `struct nameidata' | Sebastien Marie |
| 2015-11-02 | also handle the kill(self) case for threads; from Theo Buehler | Theo de Raadt |
| 2015-11-02 | provide ml_purge and mq_purge. | David Gwynne |
| 2015-11-01 | refactor pledge_*_check and pledge_fail functions | Sebastien Marie |
| 2015-11-01 | Do not need to check the pledge control bits for system calls that are | Theo de Raadt |
| 2015-11-01 | bind() on AF_UNIX should set PLEDGE_UNIX not PLEDGE_CPATH; ok semarie | Theo de Raadt |
| 2015-11-01 | uniformize "always allowed syscalls" with pledge | Sebastien Marie |
| 2015-10-31 | oops, forgot pselect! crazy how many interface the kernel has here. | Theo de Raadt |
| 2015-10-31 | expose the sysctl backing getloadavg(3) all the time, now that more | Theo de Raadt |
