summaryrefslogtreecommitdiff
path: root/sys/kern
AgeCommit message (Expand)Author
2015-10-14FALTHROUGH->FALLTHROUGH in comment, ok deraadt a few days agoStuart Henderson
2015-10-14Add a dummy "flock" request that will allow file locking. It isTodd C. Miller
2015-10-14When pledged with "fattr", allow chown to supplimentary groups. ThisTheo de Raadt
2015-10-14pledge "tty" can allow ioctl TIOCEXCL on a ttyTheo de Raadt
2015-10-14sendmsg() is allowed to pass cmsg's which are not CMSG_RIGHTS - lastTheo de Raadt
2015-10-133 more headers required for one stinking inet6 ioctl..Theo de Raadt
2015-10-13Allow ioctl SIOCGNBRINFO_IN6 in case of "route", for use by ndp.Theo de Raadt
2015-10-13NET_RT_FLAGS must also accept a proto selection.Theo de Raadt
2015-10-13allow getsockopt IP_RECVDSTPORT & IPV6_RECVDSTPORT for an "inet" pledgeTheo de Raadt
2015-10-13Initialize va_filerev in vattr_null() to avoid leaking stack garbage;Philip Guenther
2015-10-13Pledge "fattr" request should allow fchflags().Doug Hogan
2015-10-12pledge "proc" request should allow setsid()Theo de Raadt
2015-10-12Remove the "cmsg" attribute, as promised. Use "sendfd" or "recvfd",Theo de Raadt
2015-10-11pledge_ioctl_check() will do the killing if neccessary; if it returns,Theo de Raadt
2015-10-11add a missed check for PLEDGE_RPATH when reading a file.Sebastien Marie
2015-10-11sigaltstack is directly used by setjmp on some architectures. it onlyTheo de Raadt
2015-10-11put TIOCSWINSZ in the right block "tty", not in "ioctl". this happenedTheo de Raadt
2015-10-11In pledge "tty", allow TIOCSWINSZ. stty(1) is the obvious silly use.Theo de Raadt
2015-10-11__get_tcb() is needed for errno access in threaded programs on some archs.Philip Guenther
2015-10-11Always set the timeout at least one tick in the future for EVFILT_TIMERPhilip Guenther
2015-10-10For pledge, sigsuspend() should is affecting the behaviour a process itself,Theo de Raadt
2015-10-10pid 0 also implies self, so allow that for the pledge case. Found inTheo de Raadt
2015-10-10shuffle #ifdef TIOCSTI block to avoid a future /*FALLTHROUGH*/ mistake.Theo de Raadt
2015-10-10allow sysctl of kern.clockrateTheo de Raadt
2015-10-10I forgot execve would go through the namei codepath, so a program markedTheo de Raadt
2015-10-09Allow kill(self, sig) in pledge SELF also. the stack protector, abort(),Theo de Raadt
2015-10-09Have not come up with a great pattern for flock() yet. flock() is permittedTheo de Raadt
2015-10-09oops, snuck into a syscalls sync; spotted by sthenTheo de Raadt
2015-10-09another stray )Theo de Raadt
2015-10-09shortcircuit TIOCGETA to directly return ENOTTY for non-ttys. It couldTheo de Raadt
2015-10-09stardate 93370.16: a whitespace appears to have entered our quadrant...Theo de Raadt
2015-10-09multicast test backwards; noted by renatoTheo de Raadt
2015-10-09Rename tame() to pledge(). This fairly interface has evolved to be moreTheo de Raadt
2015-10-09syncTheo de Raadt
2015-10-09Rename tame() to pledge(). This fairly interface has evolved to be moreTheo de Raadt
2015-10-08Expose a small set of multicast join operators under the request "mcast".Theo de Raadt
2015-10-08setsockopt has a small list of options it can set. If we find ourselvesTheo de Raadt
2015-10-08Only in TAME_ROUTE, allow ioctl SIOCGIFADDR/SIOCGIFFLAGS/SIOCGIFRDOMAIN,Theo de Raadt
2015-10-08Use the radix API directly and get rid of the function pointers. ThereMartin Pieuchot
2015-10-07Split out routing sysctl's from tame "inet", and put them into theTheo de Raadt
2015-10-07easy free sizes; ok mpiTheo de Raadt
2015-10-07rn_inithead() offset argument is now specified in byte, missed in previous.Martin Pieuchot
2015-10-07Initialize the routing table before domains.Martin Pieuchot
2015-10-07Add the tame "exec" request. This allows processes which requestTheo de Raadt
2015-10-06A process should be able to do sigpending for itselfTheo de Raadt
2015-10-06For TAME_PROC, allow setrlimit()Theo de Raadt
2015-10-06When "proc" is requested, allow setpgid() and sigsuspend().Theo de Raadt
2015-10-06Add new "tty" request, which allows TIOCGETA, TIOCGPGRP, TIOCGWINSZ,Theo de Raadt
2015-10-06Rework the tame cmsg handler to make it work both ways. While on recv oneClaudio Jeker
2015-10-06rmdir() is just a CPATH operation; remove RPATH marker that snuck in.Theo de Raadt