src - OpenBSD base system

Age	Commit message (Collapse)	Author
2015-10-07	tame "stdio rpath" initially. if no files, go to tame "stdio".	Theo de Raadt

2015-10-07	tame "stdio rpath getpw" before getpwuid and opening, then tame "stdio"	Theo de Raadt

2015-10-07	tame "stdio rpath wpath cpath tmppath tty". "tty" is the important part	Theo de Raadt
	here, permitting use of readpassphrase()
2015-10-07	tame "stdio rpath wpath cpath" covers mkstemp (O_RDONLY\|O_CREAT),	Theo de Raadt
	mkdtemp(), and unlink()
2015-10-07	tame "stdio". It would take some doing for this to contain a bug, but	Theo de Raadt
	just in case -- now it can barely do anything when it goes wrong.
2015-10-07	tame "stdio". I doubt there is a bug in the environment parsing code.	Theo de Raadt
	But if there is, and this program is taken control of, it is quite limited in the system calls it can do.
2015-10-07	tame "stdio rpath wpath cpath" handles all the cases of opening files	Theo de Raadt

2015-10-07	patch(1) can move to "stdio rpath wpath cpath tmppath fattr proc exec"	Theo de Raadt
	(adding proc exec), now that "exec" has arrived in the kernel. This permits the dangerous game of feeding ed-style diffs with popen() via /bin/ed. Shocked yet? Your mission, should you choose to accept it, is to replace this code with an builtin ed-style patcher, maybe cribbing code from ed itself. I'm sorry, but we can't fix the entire world all at once. Noone loves deprecating standarized features as much as we do, but there are some lines. Maybe if people become aware of how crappy the implimentations of some standard features are, they could help decide the path.
2015-10-07	tame "stdio rpath"	Theo de Raadt

2015-10-07	tame "stdio rpath"	Theo de Raadt

2015-10-07	tame "stdio rpath wpath cpath" or a more mundane "stdio rpath", depending	Theo de Raadt
	on which arguments the programs are run under. ok doug
2015-10-07	tame "stdio inet rpath cpath wpath proc" seems to be sufficient for	Theo de Raadt
	all the wading in here. "proc" is for the speed command, which fork()'s. ok doug
2015-10-07	move from tame "ioctl" to tame "tty", which provides a better fit for	Theo de Raadt
	this program which uses tcgetattr(). the tcsetattr() calls are outside the tame regions.
2015-10-07	tame "stdio getpw rpath wpath tty". "tty" allows this to use	Theo de Raadt
	readpassphrase().
2015-10-07	We continue our tour through obscure BSD <word escapes me>. This stdio-based	Theo de Raadt
	program may open files arbitrarily, so tame "stdio rpath" it from the start.
2015-10-07	tame "stdio rpath" at the start, then potentially some files are opened.	Theo de Raadt
	After that, tame "stdio" because that's all this program does.
2015-10-07	tame "stdio rpath wpath cpath" to cover all the file opening cases.	Theo de Raadt
	ok doug
2015-10-07	tame "stdio rpath" for when paths are specified; otherwise tame "stdio"	Theo de Raadt
	for the stdin case. ok doug
2015-10-07	don't try to change tun device flags if they are already what	Damien Miller
	we need; makes it possible to use tun/tap networking as non- root user if device permissions and interface flags are pre-established; based on patch by Ossi Herrala
2015-10-06	obvious tame "stdio". For those not keeping score, this is another	Theo de Raadt
	program which has had string mismanagement bugs before, probably of the exploitable fashion.. if used in the wrong kind of script..
2015-10-06	tame "stdio rpath" if we have new files to open, otherwise tame "stdio".	Theo de Raadt

2015-10-06	obvious tame "stdio"	Theo de Raadt

2015-10-06	modernize style: "return" is not a function; ok cmp(1)	Ingo Schwarze

2015-10-06	Move from tame "cmsg" to tame "sendfd" or "recvfd", depending on which	Theo de Raadt
	way the process moves fd's.
2015-10-06	Remove the -C option that converts an S/Key database to the new format. It has	Tim van der Molen
	been 13 years since the new format was introduced. OK millert@
2015-10-06	Update path in comment; OK millert@	Tim van der Molen

2015-10-06	only modifies data, stdin to stdout, so tame "stdout"	Theo de Raadt

2015-10-06	use tame "stdio rpath wpath cpath fattr". There is some timezone	Theo de Raadt
	database stuff here which goes further than most programs, but the neccessary files are readable using "rpath".
2015-10-06	simple tame "stdio rpath"	Theo de Raadt

2015-10-06	tame "stdio rpath" before opening the file, tame "stdio" after that	Theo de Raadt

2015-10-06	Simple update for pdf, from file 5.x.	Nicholas Marriott

2015-10-06	Another simple update for xwindows, from 5.x.	Nicholas Marriott

2015-10-06	Log the matched offset (and the new offset) instead of just of the new	Nicholas Marriott
	offset (as if it was where the match was found).
2015-10-06	ssh and ssl key file magic, from file 5.x.	Nicholas Marriott

2015-10-06	Another simple update from file 5.x.	Nicholas Marriott

2015-10-06	Obvious tame "stdio rpath wpath cpath" to a program I will never use.	Theo de Raadt

2015-10-06	these do not use ioctl.h	Theo de Raadt

2015-10-06	tame "stdio getpw"	Theo de Raadt
	discussed with guenther
2015-10-06	data processing stdin to stdout; tame "stdout"	Theo de Raadt

2015-10-06	unfortunately tame "stdio" can only happen well after the sequence of:	Theo de Raadt
	utmp parsing, tty opening, setresgid to drop privs. it only protects a basic io loop. discussed with doug
2015-10-06	Appears that tame "stdio getpw rpath" will satisfy all code paths.	Theo de Raadt

2015-10-05	During getopt(), an optional file may be opened. After that, tame "stdio"	Theo de Raadt
	works. Time for some commentary! tame became possible because syslog(3) in openbsd uses a system call -- sendsyslog(2) -- which does not require an elaborate dance opening an AF_UNIX socket and using connect() or send() to deliver to a "/dev/log" unix socket in the filesystem. sendsyslog(2) was invented to ensure the stack-protector's __stack_smash_handler() can gaurantee delivery of failure messages to syslogd(8) in harsh conditions -- such as file descriptor exhaustion or inside chroot(2). Now it also works in tame(2)'d proceses, since sendsyslog(2) is always allowed. Our syslog(3) needs no elaborate socket code, therefore piles of software does not have an inate need for socket(2), connect(2), send(2), nor access to the filesystem. syslog(3) remains fully compatible otherwise. How does the stack protector report an error in fully capsicum'd program? Or in some other Linux protection mechanism, if someone protectes a program too far and takes sockets away, how do they see the stack protector working? You can have nice things when the underlying rules change.
2015-10-05	tame "stdio rpath wpath cpath", because this program reads and creates	Theo de Raadt
	files, using stdio. It does nothing else.
2015-10-05	Another trivial update, some extra bits for timezone, from file 5.x.	Nicholas Marriott

2015-10-05	Set the line file descriptor nonblocking and make it blocking again for	Nicholas Marriott
	xmodem and child processes, makes xmodem work with -d. Reported by Kim Zeitler via guenther@, tested by Jiri B. ok (and a small change) guenther
2015-10-05	Very trivial changes from file 5.x: spelling mistakes, %ld->%d and some	Nicholas Marriott
	style nits.
2015-10-05	Get BE and LE UTF-32 correct, from file 5.x.	Nicholas Marriott

2015-10-05	Update compress magic from the upstream file 5.x magic files.	Nicholas Marriott

2015-10-05	Remove the non-standard -l flag that pipes the output through pr(1).	Todd C. Miller
	Based on a diff from and OK deraadt@
2015-10-05	Add support for !:strength modifier to adjust strength of a test.	Nicholas Marriott