summaryrefslogtreecommitdiff
path: root/sys
AgeCommit message (Expand)Author
2015-10-28mkdir is PLEDGE_CPATH, not PLEDGE_CPATH | PLEDGE_RPATH...Theo de Raadt
2015-10-28cleanup indentation and comments in sysctl whitelistTheo de Raadt
2015-10-28more accurate pledge_fail() error and code for sys_socketSebastien Marie
2015-10-28merge whitelisted r/w paths and rd paths switch to only one. It becomesSebastien Marie
2015-10-28remove duplicate setting of p_pledgenote:Sebastien Marie
2015-10-28make sys_chroot() only allowed to be used when pledged, with "rpath id proc".Sebastien Marie
2015-10-28Enable TCP/UDP checksum offloading on packet transmission.Visa Hankala
2015-10-28Add proper padding to packets that the hardware does not recognize asVisa Hankala
2015-10-28refactor pledge_namei() a bitSebastien Marie
2015-10-28canonpath() error isn't related to p_pledgenote requirement (only possibleSebastien Marie
2015-10-28in pledge_namei(), move PLEDGE_EXEC check sooner: it doesn't depend of pathSebastien Marie
2015-10-28Support backspace in softraid boot passphrase prompt.Joel Sing
2015-10-28Add a missing splx for a return path introduced in rev 1.163Jonathan Gray
2015-10-28Prevent F_SETOWN, unless a "proc" pledge was made.Theo de Raadt
2015-10-28Remove linkmtu and maxmtu from struct nd_ifinfo. IN6_LINKMTU can nowFlorian Obser
2015-10-28syncTheo de Raadt
2015-10-28The short-lived dnssocket/dnsconnect calls are being required because weTheo de Raadt
2015-10-28Paranoa: p_pledgenote the NAMEI for ld.so loadingTheo de Raadt
2015-10-28The short-lived dnssocket/dnsconnect calls are being required because weTheo de Raadt
2015-10-28There are three situations where pty ioctl's result in a NDINIT.Theo de Raadt
2015-10-28Set pledgenote to PLEDGE_RPATH in chdir & chrootTheo de Raadt
2015-10-28TIOCCONS will probably never be permitted, but it is good style to setTheo de Raadt
2015-10-28Though sys_ktrace is not yet pledge allowed, prepare by settingTheo de Raadt
2015-10-28move p_pledgenote setting next to NDINIT()Theo de Raadt
2015-10-28kern.cptime is length 2Theo de Raadt
2015-10-28missing splx in error pathJonathan Gray
2015-10-28support kern.cptime alsoTheo de Raadt
2015-10-27RIP arp_ifinit().Martin Pieuchot
2015-10-27arp_ifinit() is no longer needed.Martin Pieuchot
2015-10-27arp_ifinit() is no longer needed.Martin Pieuchot
2015-10-27Rewrite in_ouraddr() to not use ``rt_ifa'' since it is not obvious thatMartin Pieuchot
2015-10-27Use verbose defines instead of hardcoded values for clarity whenMike Belopuhov
2015-10-27Sync chacha_ivsetup to the version in ssh so that we couldMike Belopuhov
2015-10-27Move code around for clarity, no functional change.Martin Pieuchot
2015-10-27Use rt_ifidx rather than rt_ifp.Martin Pieuchot
2015-10-26Add ppoll() to "stdio"Theo de Raadt
2015-10-26Use axf's hashsize as a block size in the authenticated encryption routine.Mike Belopuhov
2015-10-26Use rt_ifidx rather than rt_ifp.Martin Pieuchot
2015-10-26(char *)0 -> NULLmmcc
2015-10-26Let SLIST_REMOVE invalidate the pointer in more cases.Alexander Bluhm
2015-10-26dns check needs to be done on the kernel address after copyinTed Unangst
2015-10-26Allow NET_RT_IFLIST in pledge "dns" as wellTheo de Raadt
2015-10-26If the system call is entirely unpermitted, code will be 0, and there isTheo de Raadt
2015-10-26add setreuid/setregid to "id"Theo de Raadt
2015-10-26change some pledge_fail() error/codeSebastien Marie
2015-10-26make pledge_check(), used for syscall check with pledge, returns an error andSebastien Marie
2015-10-26Cast isdigit()'s argument to unsigned char.mmcc
2015-10-25unbreak tree for ramdisks without INET6Theo de Raadt
2015-10-25Put some comments in how nd6_rs_attach() works.Florian Obser
2015-10-25Fold "malloc" into "stdio" and -- recognizing that no program so far hasTheo de Raadt
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-29 04:41:15 +0000