Age | Commit message (Expand) | Author |
2015-10-14 | FALTHROUGH->FALLTHROUGH in comment, ok deraadt a few days ago | Stuart Henderson |
2015-10-14 | Add a dummy "flock" request that will allow file locking. It is | Todd C. Miller |
2015-10-14 | When pledged with "fattr", allow chown to supplimentary groups. This | Theo de Raadt |
2015-10-14 | pledge "tty" can allow ioctl TIOCEXCL on a tty | Theo de Raadt |
2015-10-14 | sendmsg() is allowed to pass cmsg's which are not CMSG_RIGHTS - last | Theo de Raadt |
2015-10-13 | 3 more headers required for one stinking inet6 ioctl.. | Theo de Raadt |
2015-10-13 | Allow ioctl SIOCGNBRINFO_IN6 in case of "route", for use by ndp. | Theo de Raadt |
2015-10-13 | NET_RT_FLAGS must also accept a proto selection. | Theo de Raadt |
2015-10-13 | allow getsockopt IP_RECVDSTPORT & IPV6_RECVDSTPORT for an "inet" pledge | Theo de Raadt |
2015-10-13 | Initialize va_filerev in vattr_null() to avoid leaking stack garbage; | Philip Guenther |
2015-10-13 | Pledge "fattr" request should allow fchflags(). | Doug Hogan |
2015-10-12 | pledge "proc" request should allow setsid() | Theo de Raadt |
2015-10-12 | Remove the "cmsg" attribute, as promised. Use "sendfd" or "recvfd", | Theo de Raadt |
2015-10-11 | pledge_ioctl_check() will do the killing if neccessary; if it returns, | Theo de Raadt |
2015-10-11 | add a missed check for PLEDGE_RPATH when reading a file. | Sebastien Marie |
2015-10-11 | sigaltstack is directly used by setjmp on some architectures. it only | Theo de Raadt |
2015-10-11 | put TIOCSWINSZ in the right block "tty", not in "ioctl". this happened | Theo de Raadt |
2015-10-11 | In pledge "tty", allow TIOCSWINSZ. stty(1) is the obvious silly use. | Theo de Raadt |
2015-10-11 | __get_tcb() is needed for errno access in threaded programs on some archs. | Philip Guenther |
2015-10-11 | Always set the timeout at least one tick in the future for EVFILT_TIMER | Philip Guenther |
2015-10-10 | For pledge, sigsuspend() should is affecting the behaviour a process itself, | Theo de Raadt |
2015-10-10 | pid 0 also implies self, so allow that for the pledge case. Found in | Theo de Raadt |
2015-10-10 | shuffle #ifdef TIOCSTI block to avoid a future /*FALLTHROUGH*/ mistake. | Theo de Raadt |
2015-10-10 | allow sysctl of kern.clockrate | Theo de Raadt |
2015-10-10 | I forgot execve would go through the namei codepath, so a program marked | Theo de Raadt |
2015-10-09 | Allow kill(self, sig) in pledge SELF also. the stack protector, abort(), | Theo de Raadt |
2015-10-09 | Have not come up with a great pattern for flock() yet. flock() is permitted | Theo de Raadt |
2015-10-09 | oops, snuck into a syscalls sync; spotted by sthen | Theo de Raadt |
2015-10-09 | another stray ) | Theo de Raadt |
2015-10-09 | shortcircuit TIOCGETA to directly return ENOTTY for non-ttys. It could | Theo de Raadt |
2015-10-09 | stardate 93370.16: a whitespace appears to have entered our quadrant... | Theo de Raadt |
2015-10-09 | multicast test backwards; noted by renato | Theo de Raadt |
2015-10-09 | Rename tame() to pledge(). This fairly interface has evolved to be more | Theo de Raadt |
2015-10-09 | sync | Theo de Raadt |
2015-10-09 | Rename tame() to pledge(). This fairly interface has evolved to be more | Theo de Raadt |
2015-10-08 | Expose a small set of multicast join operators under the request "mcast". | Theo de Raadt |
2015-10-08 | setsockopt has a small list of options it can set. If we find ourselves | Theo de Raadt |
2015-10-08 | Only in TAME_ROUTE, allow ioctl SIOCGIFADDR/SIOCGIFFLAGS/SIOCGIFRDOMAIN, | Theo de Raadt |
2015-10-08 | Use the radix API directly and get rid of the function pointers. There | Martin Pieuchot |
2015-10-07 | Split out routing sysctl's from tame "inet", and put them into the | Theo de Raadt |
2015-10-07 | easy free sizes; ok mpi | Theo de Raadt |
2015-10-07 | rn_inithead() offset argument is now specified in byte, missed in previous. | Martin Pieuchot |
2015-10-07 | Initialize the routing table before domains. | Martin Pieuchot |
2015-10-07 | Add the tame "exec" request. This allows processes which request | Theo de Raadt |
2015-10-06 | A process should be able to do sigpending for itself | Theo de Raadt |
2015-10-06 | For TAME_PROC, allow setrlimit() | Theo de Raadt |
2015-10-06 | When "proc" is requested, allow setpgid() and sigsuspend(). | Theo de Raadt |
2015-10-06 | Add new "tty" request, which allows TIOCGETA, TIOCGPGRP, TIOCGWINSZ, | Theo de Raadt |
2015-10-06 | Rework the tame cmsg handler to make it work both ways. While on recv one | Claudio Jeker |
2015-10-06 | rmdir() is just a CPATH operation; remove RPATH marker that snuck in. | Theo de Raadt |