| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2015-10-18 | sync | Theo de Raadt | |
| 2015-10-18 | Add two new system calls: dnssocket() and dnsconnect(). This creates a | Theo de Raadt | |
| SS_DNS tagged socket which has limited functionality (for example, you cannot accept on them...) The libc resolver will switch to using these, therefore pledge can identify a DNS transaction better. ok tedu guenther kettenis beck and others | |||
| 2015-10-17 | naddy asks me if __tfork should be allowed by "proc". yes! | Theo de Raadt | |
| We may need a better semantic later ("thread"?), but this allows progress, and people can report their experiences. | |||
| 2015-10-17 | connect() to an AF_UNIX socket is really read/write, so tell pledge this | Theo de Raadt | |
| is a RPATH|WPATH operation. Discussed with doug and millert | |||
| 2015-10-17 | Allow the nasty ioctl TIOCSTI in "tty", but also require the "proc" | Theo de Raadt | |
| permission. For now, we'll tighten it down further later. | |||
| 2015-10-17 | better wording in a comment | Theo de Raadt | |
| 2015-10-17 | Unify TIOCGPGRP/TIOCGWINSZ/TIOCGWINSZ behaviour regarding ENOTTY return. | Theo de Raadt | |
| (both "tty" and "ioctl" allow these; they should behave the same) | |||
| 2015-10-17 | Allow TIOCSCTTY on tty devices, if the pledge says "tty id" | Theo de Raadt | |
| worked out with nicm | |||
| 2015-10-17 | whitespace | Theo de Raadt | |
| 2015-10-17 | Fix the code that sets up the MCH BAR on systems where the (buggy) BIOS | Mark Kettenis | |
| doesn't do this for us. The code was poking registers on the wrong PCI device. We were just lucky that it worked on most systems. This should fix machines such as the Asus EeePC 701 and get rid of the error: [drm:pid0:i915_gem_detect_bit_6_swizzle] *ERROR* Couldn't read from MC HBAR. Disabling tiling. messages on that machine. | |||
| 2015-10-17 | Spell all "unexpected mode %u" panics in lower case, not just one of them. | Stefan Sperling | |
| 2015-10-17 | Fix build with IFMEDIA_DEBUG defined; ok sthen@ | Stefan Sperling | |
| 2015-10-17 | Add pledge "id" support. This request permits setuid/seteuid/setresuid, | Theo de Raadt | |
| setgid/setegid/setresgid, setgroups, setlogin, and setpriority. setrlimit and getpriority are also allowed (they are also in "proc") some of these were previously permitted in "proc" but have been removed. this seperation is intentional. "proc" is intended for reasoning about the relationship of a process "with other processes", whereas "id" deals the powerful/dangerous concept of unix ids. "id" will see some action very soon. ok gilles tedu semarie doug | |||
| 2015-10-17 | Allow a few 'get' ioctls for pledge("route"). route6d will soon use this. | Jeremie Courreges-Anglas | |
| ok deraadt@ | |||
| 2015-10-16 | Also allow 6 as a miblen for NET_RT_DUMP, not all users specify a rtable. | Jeremie Courreges-Anglas | |
| ok deraadt@ | |||
| 2015-10-16 | Make sched_barrier() use its own task queue to avoid deadlocks. | Martin Pieuchot | |
| Prevent a deadlock from occuring when intr_barrier() is called from a non-primary CPU in the watchdog task, also enqueued on ``systq''. ok kettenis@ | |||
| 2015-10-16 | Repair the pty check for kernels without pty support. | Theo de Raadt | |
| 2015-10-16 | Allow PTMGET with "tty rpath wpath" but restrict only to /dev/ptm by | Nicholas Marriott | |
| checking cdevsw. ok deraadt | |||
| 2015-10-16 | Always allow a r/w opening of /dev/null though the namei check. This | Theo de Raadt | |
| pattern is common, especially because of daemon(3) usage. Will probably help some daemons move their pledge() calls further upwards. ok doug, | |||
| 2015-10-16 | delete pledge_bind_check() function and remove pledge_bind_check() call from ↵ | Sebastien Marie | |
| sys_bind(). bind(2) still require PLEDGE_INET or PLEDGE_UNIX in order to be called, due to SYS_bind entry in pledge_syscalls array. The diff restores also the ability for PLEDGE_UNIX to call bind(2) (pledge_bind_check function missed that). problem spotted by doug@ OK deraadt@ | |||
| 2015-10-16 | Place TIOCSTI reminder block better | Theo de Raadt | |
| 2015-10-16 | For "tty" pledges, treat TIOCGPGRP and TIOCGWINSZ like TIOCGETA - | Theo de Raadt | |
| returning ENOTTY instead of killing the process. | |||
| 2015-10-16 | Implement real "flock" request and add it to userland programs that | Todd C. Miller | |
| use pledge and file locking. OK deraadt@ | |||
| 2015-10-16 | If a DOWN route entry is passed to a L2 output function, be dumb and | Martin Pieuchot | |
| simply use it. In most of the cases doing a route lookup at this point is a noop as it will return you the same DOWN entry you already have. The exception is the case where the route has been removed from tree since your kernel looked for it. So what? It's just a blue packet. Note that this "exception" can only happen if your sending path does not run under the KERNEL_LOCK. ok mikeb@ | |||
| 2015-10-16 | Put some iwm(4) debug code into #ifdef IWM_DEBUG. | Stefan Sperling | |
| ok mpi@ | |||
| 2015-10-16 | Clean up iwm(4) scanning logic a bit: Reset sc_scanband in callers of | Stefan Sperling | |
| iwm_mvm_scan_request() and always call ieee80211_end_scan() when done. ok mpi@ | |||
| 2015-10-16 | Oops, committed old version of previous diff with a typo in it: NLL -> NULL | Stefan Sperling | |
| 2015-10-16 | In iwm(4), correctly size and map the mbuf used for large firmware commands. | Stefan Sperling | |
| Fixes occasional firmware errors while bringing the interface up or scanning. ok phessler@ | |||
| 2015-10-16 | FIOSETOWN/FIOGETOWN were added to "ioctl", but study finds no programs | Theo de Raadt | |
| currently needing them. delete 'em for now. ok doug | |||
| 2015-10-16 | Add TIOCCBRK and TIOCSDTR to the whitelist for pledge ioctl. | Doug Hogan | |
| cu(1) uses these. ok deraadt@ | |||
| 2015-10-15 | When using a pf rule with both nat-to and rdr-to, it could happen | Alexander Bluhm | |
| that the nated source port was reused as destination port. Do not initialize nport at the beginning of the function, but where it is needed. OK sashan@ | |||
| 2015-10-15 | No need to create links for xxboot now that MI installboot is the preferred | Miod Vallat | |
| way to install boot blocks. | |||
| 2015-10-15 | Add TIOCFLUSH to "tty" in support of tcflush() | Theo de Raadt | |
| 2015-10-15 | Exposing FIOASYNC in pledge "ioctl" is a mistake; remove it, cannot find ↵ | Theo de Raadt | |
| safe uses of it | |||
| 2015-10-15 | Let the rx path of cnmac run without the kernel lock. To avoid the need | Visa Hankala | |
| of a mutex, the path no longer cleans up the queue of tx requests. ok mpi@ | |||
| 2015-10-15 | Fix previous. The port number is not included in sc_src and it is | YASUOKA Masahiko | |
| checked already at beginning of the loop. ok reyk | |||
| 2015-10-15 | in6_pcbconnect() returns EADDRNOTAVAIL when | Vincent Gross | |
| all the ports in the range portfirst .. portlast are in use. ok millert@, mpi@ | |||
| 2015-10-15 | FIOCLEX & FIONCLEX should be in base ioctl set | Theo de Raadt | |
| 2015-10-15 | avoid using a var uninitialised | Jonathan Gray | |
| ok jung@ | |||
| 2015-10-14 | FALTHROUGH->FALLTHROUGH in comment, ok deraadt a few days ago | Stuart Henderson | |
| 2015-10-14 | Add a dummy "flock" request that will allow file locking. It is | Todd C. Miller | |
| not currently enforced but we want the kernel to be able to parse it for an upcoming diff in the next few days. | |||
| 2015-10-14 | When pledged with "fattr", allow chown to supplimentary groups. This | Theo de Raadt | |
| came out of a discussion regarding "sort foo -o foo". ok semarie | |||
| 2015-10-14 | Init a variable in the recently added carp_vhe_match() function clang | Jonathan Gray | |
| and mpi believe could be used uninitialised. ok mpi@ | |||
| 2015-10-14 | Reset the RTF_CONNECTED flag when cloning an entry. | Martin Pieuchot | |
| While here check for RTF_CLONED insted of RTM_RESOLVE when adding an entry. Found while debugging naddy@'s NFS vs em(4) vs rtisvalid(9) issue. | |||
| 2015-10-14 | Rewrite the logic around the dymanic array of routing tables to help | Martin Pieuchot | |
| turning rtable_get(9) MP-safe. Use only one per-AF array, as suggested by claudio@, pointing to an array of pointers to the routing table heads. Routing tables are now allocated/initialized per-AF. This will let us allocate routing table on-demand instead of always having an AF_INET, AF_MPLS and AF_INET table as soon as a new rtableID is used. This also get rid of the "void ***" madness. ok dlg@, jmatthew@ | |||
| 2015-10-14 | pledge "tty" can allow ioctl TIOCEXCL on a tty | Theo de Raadt | |
| 2015-10-14 | sendmsg() is allowed to pass cmsg's which are not CMSG_RIGHTS - last | Theo de Raadt | |
| refactoring inverted the checks; spotted by sthen in ping6. | |||
| 2015-10-13 | Prevent a NULL-pointer dereference when closing a ugen(4) node | Martin Pieuchot | |
| in case the kernel failed to change the interface of a device. Found the hardway by okan | |||
| 2015-10-13 | 3 more headers required for one stinking inet6 ioctl.. | Theo de Raadt | |
| 2015-10-13 | - pf_insert_src_node(): global argument (arg6) is useless, function | Alexandr Nedvedicky | |
| always gets pointer to rule. - pf_remove_src_node(): function should always remove matching src node, regardless the sn->rule.ptr being NULL or valid rule - sn->rule.ptr is never NULL, spotted by mpi and Richard Procter _von_ gmail.com OK mpi@, OK mikeb@ | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |