| Age | Commit message (Expand) | Author |
|---|
| 2015-10-05 | Offset into the file can be size_t and add some casts to remove warnings. | Nicholas Marriott |
| 2015-10-05 | Style nits on a couple of casts. | Nicholas Marriott |
| 2015-10-05 | some more bzero->explicit_bzero, from Michael McConville | Damien Miller |
| 2015-10-05 | correct picasso's birth date; | Jason McIntyre |
| 2015-10-05 | use different tame requests if TMPDIR is in env: | Sebastien Marie |
| 2015-10-05 | Handle ifi_oqdrops in netstat(8). | Masao Uebayashi |
| 2015-10-05 | If expression omits -exec/execdir/-ok primaries, then find will never | Theo de Raadt |
| 2015-10-05 | If the -l flag is set, diff will fork/execve pr on a pipe. But other | Theo de Raadt |
| 2015-10-05 | tame "stdio rpath" or tame "stdio" suffices for all of these programs. | Theo de Raadt |
| 2015-10-05 | This can use tame "stdio rpath" from the top. If we are only working on | Theo de Raadt |
| 2015-10-05 | tame "stdio rpath" works. (Someone could refactor the processing loop | Theo de Raadt |
| 2015-10-05 | tame "stdio rpath" works fine, as long as we sidestep the demangling | Theo de Raadt |
| 2015-10-05 | Since the dawn of time, this has contained freopen() for the tty path | Theo de Raadt |
| 2015-10-05 | tame "stdio rpath" initially; if we find out the only file operated on | Theo de Raadt |
| 2015-10-05 | tame "stdio rpath wpath cpath fattr", because this creates new files, | Theo de Raadt |
| 2015-10-05 | refactor, so we don't a C function in a .h file, yuck! | Theo de Raadt |
| 2015-10-05 | tame "stdio getpw" right at the top; this runs the whole gamut of | Theo de Raadt |
| 2015-10-05 | tame "stdio rpath" for the entire lifetime. newsyntax() could open a file | Theo de Raadt |
| 2015-10-05 | small KNF | Theo de Raadt |
| 2015-10-05 | tame "stdio rpath" early on, but if we discover only stdin is being | Theo de Raadt |
| 2015-10-05 | use the normal -1 check for tame failure | Theo de Raadt |
| 2015-10-05 | use the normal -1 check for tame failure | Theo de Raadt |
| 2015-10-05 | tame "stdio rpath" is enough for the general case, which opens file | Theo de Raadt |
| 2015-10-05 | tame "stdio rpath" works here. It may look like the stdin case can avoid | Theo de Raadt |
| 2015-10-05 | col can be locked down with tame "stdio", in case it is fed nasty input, | Theo de Raadt |
| 2015-10-05 | banner can be restricted to tame "stdio". if this program is put into a | Theo de Raadt |
| 2015-10-04 | remove tame "proc". it is not useful, because the "ed" diffs require | Theo de Raadt |
| 2015-10-04 | Also needs "rpath" for some circumstances. | Theo de Raadt |
| 2015-10-04 | Add tame(2) to file(1) and drop the old systrace(4) sandbox. tame(2) is | Nicholas Marriott |
| 2015-10-04 | Repair tame() error check to be == -1 | Theo de Raadt |
| 2015-10-03 | Add ktracing of tame()'s arguments' values | Philip Guenther |
| 2015-10-03 | option LFS is dead, but we missed option ACCOUNTING here | Philip Guenther |
| 2015-10-03 | you can't edit stdin in place. check for this before the hack that | Ted Unangst |
| 2015-10-03 | Now that dc(1) no longer supports !command with popen(), we can start | Theo de Raadt |
| 2015-10-03 | delete documentation for ! command | Theo de Raadt |
| 2015-10-03 | disable ! command, makes dc(1) more tameable | Otto Moerbeek |
| 2015-10-03 | wc only opens files read-only, proceses them, and spits results to stdout. | Theo de Raadt |
| 2015-10-03 | As pointed out by tobiasu, ed-style patches still use popen() and execute | Theo de Raadt |
| 2015-10-03 | - Simplify use of ctype functions. | Tim van der Molen |
| 2015-10-03 | tame "stdio" right between setlocale and getopt, it is easy to review | Theo de Raadt |
| 2015-10-03 | Fix wrong cast. | Vadim Zhukov |
| 2015-10-03 | grep only opens files read-only, reads via stdio or other methods, performs | Theo de Raadt |
| 2015-10-03 | tame "stdio getpw rpath" can be done quite early after the getopt. | Theo de Raadt |
| 2015-10-03 | leave does a fork, but other than that it is boring stdio. | Theo de Raadt |
| 2015-10-03 | gzip can use tame "stdio wpath cpath fattr". this blocks a lot of | Theo de Raadt |
| 2015-10-03 | BIO_get_fd() could return fd 0; fix error condition. Found at | Theo de Raadt |
| 2015-10-03 | switch from using the systrace-based sandbox to the tame-based sandbox. | Theo de Raadt |
| 2015-10-03 | patch appears to work fully with tame "stdio rpath wpath cpath tmppath fattr". | Theo de Raadt |
| 2015-10-03 | uniq has a complicated initialization around getopt. beforehands, we | Theo de Raadt |
| 2015-10-03 | script is two processes. the main io-loop process can be locked down with | Theo de Raadt |
