summaryrefslogtreecommitdiff
path: root/sys/kern
AgeCommit message (Expand)Author
2015-10-25reorder some checks in pledge_namei() in order to properly work.Sebastien Marie
2015-10-25ps(1) needs sysctl KERN_PROC_CWD exposed as well in the pledge "ps" set.Theo de Raadt
2015-10-25For SYS_open let the /dev/null special case match if any TMN_RPATH,Todd C. Miller
2015-10-25Allow getsockopt(IP_OPTIONS) (with inet), needed by portmap (for RPC).Nicholas Marriott
2015-10-23Allow SIOCGIFINFO_IN6Theo de Raadt
2015-10-23Introduce a new sysctl NET_RT_IFNAMES that returns only ifnames to ifindexClaudio Jeker
2015-10-23Add 3 new pledge requests. "ps" exposes enough sysctl information forTheo de Raadt
2015-10-23Allow hw.ncpu sysctl (a few reasons showed up in my mailbox rapidly..)Theo de Raadt
2015-10-22Further study shows "route" should allow all address families in NET_RT_DUMPTheo de Raadt
2015-10-22After some consideration, simply allow TIOCSCTTY in the "tty" pledge.Theo de Raadt
2015-10-22rename ml_join to ml_enlist and expose it to the rest of the kernel.David Gwynne
2015-10-21Setting fcntl(F_SETOWN) for a pipe failed with inappropriate ioctlAlexander Bluhm
2015-10-20At guenther's suggestion replace dnssocket() with a SOCK_DNS flag onTheo de Raadt
2015-10-20Add SIOCGIFGMEMB to "route" (returns a list of all interfaces who areReyk Floeter
2015-10-20clear whitelisted-paths view in pledge.Sebastien Marie
2015-10-20allow SO_ERROR all the timeTheo de Raadt
2015-10-20Always allow the setsockopt & getsockopt system calls... however, in theTheo de Raadt
2015-10-19Allow setpriority in "proc" as well, since a few shells have "nice"Theo de Raadt
2015-10-19Print vnode type for sendfd/recvfd not file type, ok semarieNicholas Marriott
2015-10-18Instead of fragile CMSG parsing, control pledge "sendfd" and "recvfd"Theo de Raadt
2015-10-18move SS_DNS socket check from kern_plegde.c to sys_generic.cSebastien Marie
2015-10-18getting sloppy, lost a }Theo de Raadt
2015-10-18Move your drink further away... When a program pledged "getpw" fails toTheo de Raadt
2015-10-18TIOCSTI and TIOCSCTTY; oops got the condition backwards.Theo de Raadt
2015-10-18Allow read/write access to /dev/tty when using "tty" pledge.Doug Hogan
2015-10-18syncTheo de Raadt
2015-10-18Add two new system calls: dnssocket() and dnsconnect(). This creates aTheo de Raadt
2015-10-17naddy asks me if __tfork should be allowed by "proc". yes!Theo de Raadt
2015-10-17connect() to an AF_UNIX socket is really read/write, so tell pledge thisTheo de Raadt
2015-10-17Allow the nasty ioctl TIOCSTI in "tty", but also require the "proc"Theo de Raadt
2015-10-17better wording in a commentTheo de Raadt
2015-10-17Unify TIOCGPGRP/TIOCGWINSZ/TIOCGWINSZ behaviour regarding ENOTTY return.Theo de Raadt
2015-10-17Allow TIOCSCTTY on tty devices, if the pledge says "tty id"Theo de Raadt
2015-10-17whitespaceTheo de Raadt
2015-10-17Add pledge "id" support. This request permits setuid/seteuid/setresuid,Theo de Raadt
2015-10-17Allow a few 'get' ioctls for pledge("route"). route6d will soon use this.Jeremie Courreges-Anglas
2015-10-16Also allow 6 as a miblen for NET_RT_DUMP, not all users specify a rtable.Jeremie Courreges-Anglas
2015-10-16Make sched_barrier() use its own task queue to avoid deadlocks.Martin Pieuchot
2015-10-16Repair the pty check for kernels without pty support.Theo de Raadt
2015-10-16Allow PTMGET with "tty rpath wpath" but restrict only to /dev/ptm byNicholas Marriott
2015-10-16Always allow a r/w opening of /dev/null though the namei check. ThisTheo de Raadt
2015-10-16delete pledge_bind_check() function and remove pledge_bind_check() call from ...Sebastien Marie
2015-10-16Place TIOCSTI reminder block betterTheo de Raadt
2015-10-16For "tty" pledges, treat TIOCGPGRP and TIOCGWINSZ like TIOCGETA -Theo de Raadt
2015-10-16Implement real "flock" request and add it to userland programs thatTodd C. Miller
2015-10-16FIOSETOWN/FIOGETOWN were added to "ioctl", but study finds no programsTheo de Raadt
2015-10-16Add TIOCCBRK and TIOCSDTR to the whitelist for pledge ioctl.Doug Hogan
2015-10-15Add TIOCFLUSH to "tty" in support of tcflush()Theo de Raadt
2015-10-15Exposing FIOASYNC in pledge "ioctl" is a mistake; remove it, cannot find safe...Theo de Raadt
2015-10-15FIOCLEX & FIONCLEX should be in base ioctl setTheo de Raadt