Age | Commit message | Author |
2015-10-28 | sync | Theo de Raadt |
2015-10-28 | The short-lived dnssocket/dnsconnect calls are being required because we | Theo de Raadt |
2015-10-28 | Paranoia: p_pledgenote the NAMEI for ld.so loading | Theo de Raadt |
2015-10-28 | The short-lived dnssocket/dnsconnect calls are being required because we | Theo de Raadt |
2015-10-28 | There are three situations where pty ioctl's result in a NDINIT. | Theo de Raadt |
2015-10-28 | Set pledgenote to PLEDGE_RPATH in chdir & chroot | Theo de Raadt |
2015-10-28 | TIOCCONS will probably never be permitted, but it is good style to set | Theo de Raadt |
2015-10-28 | Though sys_ktrace is not yet pledge allowed, prepare by setting | Theo de Raadt |
2015-10-28 | move p_pledgenote setting next to NDINIT() | Theo de Raadt |
2015-10-28 | kern.cptime is length 2 | Theo de Raadt |
2015-10-28 | support kern.cptime also | Theo de Raadt |
2015-10-26 | Add ppoll() to "stdio" | Theo de Raadt |
2015-10-26 | dns check needs to be done on the kernel address after copyin | Ted Unangst |
2015-10-26 | Allow NET_RT_IFLIST in pledge "dns" as well | Theo de Raadt |
2015-10-26 | If the system call is entirely unpermitted, code will be 0, and there is | Theo de Raadt |
2015-10-26 | add setreuid/setregid to "id" | Theo de Raadt |
2015-10-26 | change some pledge_fail() error/code | Sebastien Marie |
2015-10-26 | make pledge_check(), used for syscall check with pledge, return an error and | Sebastien Marie |
2015-10-25 | Fold "malloc" into "stdio" and -- recognizing that no program so far has | Theo de Raadt |
2015-10-25 | pledge_sockopt_check is shared between setsockopt/getsockopt. nicm | Theo de Raadt |
2015-10-25 | reorder some checks in pledge_namei() in order to properly work. | Sebastien Marie |
2015-10-25 | ps(1) needs sysctl KERN_PROC_CWD exposed as well in the pledge "ps" set. | Theo de Raadt |
2015-10-25 | For SYS_open let the /dev/null special case match if any TMN_RPATH, | Todd C. Miller |
2015-10-25 | Allow getsockopt(IP_OPTIONS) (with inet), needed by portmap (for RPC). | Nicholas Marriott |
2015-10-23 | Allow SIOCGIFINFO_IN6 | Theo de Raadt |
2015-10-23 | Introduce a new sysctl NET_RT_IFNAMES that returns only ifnames to ifindex | Claudio Jeker |
2015-10-23 | Add 3 new pledge requests. "ps" exposes enough sysctl information for | Theo de Raadt |
2015-10-23 | Allow hw.ncpu sysctl (a few reasons showed up in my mailbox rapidly..) | Theo de Raadt |
2015-10-22 | Further study shows "route" should allow all address families in NET_RT_DUMP | Theo de Raadt |
2015-10-22 | After some consideration, simply allow TIOCSCTTY in the "tty" pledge. | Theo de Raadt |
2015-10-22 | rename ml_join to ml_enlist and expose it to the rest of the kernel. | David Gwynne |
2015-10-21 | Setting fcntl(F_SETOWN) for a pipe failed with inappropriate ioctl | Alexander Bluhm |
2015-10-20 | At guenther's suggestion replace dnssocket() with a SOCK_DNS flag on | Theo de Raadt |
2015-10-20 | Add SIOCGIFGMEMB to "route" (returns a list of all interfaces who are | Reyk Floeter |
2015-10-20 | clear whitelisted-paths view in pledge. | Sebastien Marie |
2015-10-20 | allow SO_ERROR all the time | Theo de Raadt |
2015-10-20 | Always allow the setsockopt & getsockopt system calls... however, in the | Theo de Raadt |
2015-10-19 | Allow setpriority in "proc" as well, since a few shells have "nice" | Theo de Raadt |
2015-10-19 | Print vnode type for sendfd/recvfd not file type, ok semarie | Nicholas Marriott |
2015-10-18 | Instead of fragile CMSG parsing, control pledge "sendfd" and "recvfd" | Theo de Raadt |
2015-10-18 | move SS_DNS socket check from kern_pledge.c to sys_generic.c | Sebastien Marie |
2015-10-18 | getting sloppy, lost a } | Theo de Raadt |
2015-10-18 | Move your drink further away... When a program pledged "getpw" fails to | Theo de Raadt |
2015-10-18 | TIOCSTI and TIOCSCTTY; oops got the condition backwards. | Theo de Raadt |
2015-10-18 | Allow read/write access to /dev/tty when using "tty" pledge. | Doug Hogan |
2015-10-18 | sync | Theo de Raadt |
2015-10-18 | Add two new system calls: dnssocket() and dnsconnect(). This creates a | Theo de Raadt |
2015-10-17 | naddy asks me if __tfork should be allowed by "proc". yes! | Theo de Raadt |
2015-10-17 | connect() to an AF_UNIX socket is really read/write, so tell pledge this | Theo de Raadt |
2015-10-17 | Allow the nasty ioctl TIOCSTI in "tty", but also require the "proc" | Theo de Raadt |