Age | Commit message | Author |
2015-10-25 | reorder some checks in pledge_namei() in order to properly work. | Sebastien Marie |
2015-10-25 | ps(1) needs sysctl KERN_PROC_CWD exposed as well in the pledge "ps" set. | Theo de Raadt |
2015-10-25 | For SYS_open let the /dev/null special case match if any TMN_RPATH, | Todd C. Miller |
2015-10-25 | Allow getsockopt(IP_OPTIONS) (with inet), needed by portmap (for RPC). | Nicholas Marriott |
2015-10-23 | Allow SIOCGIFINFO_IN6 | Theo de Raadt |
2015-10-23 | Introduce a new sysctl NET_RT_IFNAMES that returns only ifnames to ifindex | Claudio Jeker |
2015-10-23 | Add 3 new pledge requests. "ps" exposes enough sysctl information for | Theo de Raadt |
2015-10-23 | Allow hw.ncpu sysctl (a few reasons showed up in my mailbox rapidly..) | Theo de Raadt |
2015-10-22 | Further study shows "route" should allow all address families in NET_RT_DUMP | Theo de Raadt |
2015-10-22 | After some consideration, simply allow TIOCSCTTY in the "tty" pledge. | Theo de Raadt |
2015-10-22 | rename ml_join to ml_enlist and expose it to the rest of the kernel. | David Gwynne |
2015-10-21 | Setting fcntl(F_SETOWN) for a pipe failed with inappropriate ioctl | Alexander Bluhm |
2015-10-20 | At guenther's suggestion replace dnssocket() with a SOCK_DNS flag on | Theo de Raadt |
2015-10-20 | Add SIOCGIFGMEMB to "route" (returns a list of all interfaces who are | Reyk Floeter |
2015-10-20 | clear whitelisted-paths view in pledge. | Sebastien Marie |
2015-10-20 | allow SO_ERROR all the time | Theo de Raadt |
2015-10-20 | Always allow the setsockopt & getsockopt system calls... however, in the | Theo de Raadt |
2015-10-19 | Allow setpriority in "proc" as well, since a few shells have "nice" | Theo de Raadt |
2015-10-19 | Print vnode type for sendfd/recvfd not file type, ok semarie | Nicholas Marriott |
2015-10-18 | Instead of fragile CMSG parsing, control pledge "sendfd" and "recvfd" | Theo de Raadt |
2015-10-18 | move SS_DNS socket check from kern_pledge.c to sys_generic.c | Sebastien Marie |
2015-10-18 | getting sloppy, lost a } | Theo de Raadt |
2015-10-18 | Move your drink further away... When a program pledged "getpw" fails to | Theo de Raadt |
2015-10-18 | TIOCSTI and TIOCSCTTY; oops got the condition backwards. | Theo de Raadt |
2015-10-18 | Allow read/write access to /dev/tty when using "tty" pledge. | Doug Hogan |
2015-10-18 | sync | Theo de Raadt |
2015-10-18 | Add two new system calls: dnssocket() and dnsconnect(). This creates a | Theo de Raadt |
2015-10-17 | naddy asks me if __tfork should be allowed by "proc". yes! | Theo de Raadt |
2015-10-17 | connect() to an AF_UNIX socket is really read/write, so tell pledge this | Theo de Raadt |
2015-10-17 | Allow the nasty ioctl TIOCSTI in "tty", but also require the "proc" | Theo de Raadt |
2015-10-17 | better wording in a comment | Theo de Raadt |
2015-10-17 | Unify TIOCGPGRP/TIOCGWINSZ/TIOCGWINSZ behaviour regarding ENOTTY return. | Theo de Raadt |
2015-10-17 | Allow TIOCSCTTY on tty devices, if the pledge says "tty id" | Theo de Raadt |
2015-10-17 | whitespace | Theo de Raadt |
2015-10-17 | Add pledge "id" support. This request permits setuid/seteuid/setresuid, | Theo de Raadt |
2015-10-17 | Allow a few 'get' ioctls for pledge("route"). route6d will soon use this. | Jeremie Courreges-Anglas |
2015-10-16 | Also allow 6 as a miblen for NET_RT_DUMP, not all users specify a rtable. | Jeremie Courreges-Anglas |
2015-10-16 | Make sched_barrier() use its own task queue to avoid deadlocks. | Martin Pieuchot |
2015-10-16 | Repair the pty check for kernels without pty support. | Theo de Raadt |
2015-10-16 | Allow PTMGET with "tty rpath wpath" but restrict only to /dev/ptm by | Nicholas Marriott |
2015-10-16 | Always allow a r/w opening of /dev/null through the namei check. This | Theo de Raadt |
2015-10-16 | delete pledge_bind_check() function and remove pledge_bind_check() call from ... | Sebastien Marie |
2015-10-16 | Place TIOCSTI reminder block better | Theo de Raadt |
2015-10-16 | For "tty" pledges, treat TIOCGPGRP and TIOCGWINSZ like TIOCGETA - | Theo de Raadt |
2015-10-16 | Implement real "flock" request and add it to userland programs that | Todd C. Miller |
2015-10-16 | FIOSETOWN/FIOGETOWN were added to "ioctl", but study finds no programs | Theo de Raadt |
2015-10-16 | Add TIOCCBRK and TIOCSDTR to the whitelist for pledge ioctl. | Doug Hogan |
2015-10-15 | Add TIOCFLUSH to "tty" in support of tcflush() | Theo de Raadt |
2015-10-15 | Exposing FIOASYNC in pledge "ioctl" is a mistake; remove it, cannot find safe... | Theo de Raadt |
2015-10-15 | FIOCLEX & FIONCLEX should be in base ioctl set | Theo de Raadt |