Age | Commit message | Author |
2015-11-16 | Permit revoke(2) for a pledge "rpath tty" | Theo de Raadt |
2015-11-16 | Only perform revoke(2) on tty cdevs. Other paths return ENOTTY. | Theo de Raadt |
2015-11-16 | In getdevvp() set the VISTTY flag on a vnode to indicate the underlying | Theo de Raadt |
2015-11-16 | brk/sbrk's use case is way too narrow to be a default stdio pledge. | Pascal Stumpf |
2015-11-14 | Add pathconf() to pledge "rpath"; ok guenther | Theo de Raadt |
2015-11-14 | For pledge "stdio", allow the break(2) system call which backends the brk/sbrk | Theo de Raadt |
2015-11-13 | All setsockopt IPPROTO_IPV6 IPV6_TCLASS (v4 calls this IP_TOS) | Theo de Raadt |
2015-11-13 | Use ph_ prefix for tag-related fields. | Martin Pieuchot |
2015-11-12 | Prefix flowid with ph_ and print it in m_print(). | Martin Pieuchot |
2015-11-11 | ktrace vnodes do not need to be opened with FREAD, as they are | Theo de Raadt |
2015-11-10 | regen | Philip Guenther |
2015-11-10 | Split the intra-thread functionality from kill(2) into its own syscall | Philip Guenther |
2015-11-08 | pull initialization up before possible goto bad, from Mark Latimer | Ted Unangst |
2015-11-08 | keep all the setperf timeout(9) handling in one place; ok tedu@ | Christian Weisgerber |
2015-11-05 | revert sys/kern/kern_pledge.c 1.103 and reenable pledge in pwd_mkdb | Sebastien Marie |
2015-11-04 | pledge_ioctl only takes files, adjust prototype. ok semarie | Ted Unangst |
2015-11-04 | move /etc/spwd.db blacklist outside PLEDGE_GETPW check. | Sebastien Marie |
2015-11-03 | AF_UNIX connect is a "unix" operation, not "rpath wpath" | Theo de Raadt |
2015-11-03 | pledge_aftersyscall has been reduced to one case, "getpw", to open a | Theo de Raadt |
2015-11-02 | some tweaks to the signal code. | Ted Unangst |
2015-11-02 | use binary-search for pledge-request | Sebastien Marie |
2015-11-02 | move the pledgenote annotation from `struct proc' to `struct nameidata' | Sebastien Marie |
2015-11-02 | also handle the kill(self) case for threads; from Theo Buehler | Theo de Raadt |
2015-11-02 | provide ml_purge and mq_purge. | David Gwynne |
2015-11-01 | refactor pledge_*_check and pledge_fail functions | Sebastien Marie |
2015-11-01 | Do not need to check the pledge control bits for system calls that are | Theo de Raadt |
2015-11-01 | bind() on AF_UNIX should set PLEDGE_UNIX not PLEDGE_CPATH; ok semarie | Theo de Raadt |
2015-11-01 | uniformize "always allowed syscalls" with pledge | Sebastien Marie |
2015-10-31 | oops, forgot pselect! crazy how many interfaces the kernel has here. | Theo de Raadt |
2015-10-31 | expose the sysctl backing getloadavg(3) all the time, now that more | Theo de Raadt |
2015-10-30 | Let m_resethdr() clear the whole mbuf packet header, not only the | Alexander Bluhm |
2015-10-30 | Add m_resethdr() to clear any state (pf, tags, flags) of an mbuf packet. | Reyk Floeter |
2015-10-29 | Add some setsockopt hacks for libisc, aka John Frum | Theo de Raadt |
2015-10-29 | In knote(), use SLIST_FOREACH_SAFE when walking the klist since a call to | Joel Sing |
2015-10-29 | Reorder system call table into sequential blocks of alike-functionality | Theo de Raadt |
2015-10-28 | mkdir is PLEDGE_CPATH, not PLEDGE_CPATH | PLEDGE_RPATH... | Theo de Raadt |
2015-10-28 | cleanup indentation and comments in sysctl whitelist | Theo de Raadt |
2015-10-28 | more accurate pledge_fail() error and code for sys_socket | Sebastien Marie |
2015-10-28 | merge whitelisted r/w paths and rd paths switch to only one. It becomes | Sebastien Marie |
2015-10-28 | remove duplicate setting of p_pledgenote: | Sebastien Marie |
2015-10-28 | make sys_chroot() only allowed to be used when pledged, with "rpath id proc". | Sebastien Marie |
2015-10-28 | refactor pledge_namei() a bit | Sebastien Marie |
2015-10-28 | canonpath() error isn't related to p_pledgenote requirement (only possible | Sebastien Marie |
2015-10-28 | in pledge_namei(), move PLEDGE_EXEC check sooner: it doesn't depend on path | Sebastien Marie |
2015-10-28 | Prevent F_SETOWN, unless a "proc" pledge was made. | Theo de Raadt |
2015-10-28 | sync | Theo de Raadt |
2015-10-28 | The short-lived dnssocket/dnsconnect calls are being required because we | Theo de Raadt |
2015-10-28 | Paranoia: p_pledgenote the NAMEI for ld.so loading | Theo de Raadt |
2015-10-28 | The short-lived dnssocket/dnsconnect calls are being required because we | Theo de Raadt |
2015-10-28 | There are three situations where pty ioctl's result in a NDINIT. | Theo de Raadt |