Age | Commit message (Collapse) | Author | |
---|---|---|---|
2019-06-28 | When system calls indicate an error they return -1, not some arbitrary | Theo de Raadt | |
value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future. | |||
2018-10-26 | If we pass `file' via args then we need to unveil(2) it with read permission, | Ricardo Mestre | |
otherwise if omitted we need to unveil(2) both _PATH_UNIX and _PATH_KSYMS with same permissions. Unconditionally we need to also unveil(2) dbdir, which by default is _PATH_VARDB but can be changed via args (-o directory), with read/write/create permissions. There are a couple of temp files that will be created but it's inside dbdir so there's no need to unveil(2) them individually. Since we already call pledge(2) before, twice, we need to add "unveil" promise to both of them, and finally call pledge(2) once again with the needed promises except "unveil". OK millert@ | |||
2018-04-26 | Use <fcntl.h> instead of <sys/file.h> for open() and friends. | Philip Guenther | |
Delete a bunch of unnecessary #includes and sort to match style(9) while doing the above cleanup. ok deraadt@ krw@ | |||
2017-11-21 | The call to setegid(2) was replaced with setresgid(2) a while ago. | Theo Buehler | |
Adjust error message accordingly. | |||
2017-10-27 | Use <elf.h> instead of <elf_abi.h> | Martin Pieuchot | |
ok jasper@, jca@, deraadt@ | |||
2016-09-10 | missing fclose() in an error path | Jonathan Gray | |
2016-04-25 | use setresgid() rather than setegid, all 3 gids can go the same way. | Theo de Raadt | |
discussion with millert | |||
2015-12-10 | Remove NULL-checks before free(). ok tb@ | mmcc | |
2015-11-23 | missing pledge "getpw" for getgrnam(3) | Theo de Raadt | |
2015-11-08 | Set the effective gid to kmem so the fchown of kvm_bsd.db is allowed | Todd C. Miller | |
by pledge(2). This requires pledge "id" but that can be dropped immediately after the setegid() call. From Theo Buehler | |||
2015-11-05 | there is a retry path in here which contains rename() and fchown(). | Theo de Raadt | |
Use a slightly larger pledge, earlier on. from gregor best | |||
2015-10-16 | Implement real "flock" request and add it to userland programs that | Todd C. Miller | |
use pledge and file locking. OK deraadt@ | |||
2015-10-13 | semarie points out i am already forgetting the rules are very tight around | Theo de Raadt | |
*chown, even "proc fattr" won't let you do such a job. remove early pledge(), only leave call after fchown, before when symbol table work gets done. | |||
2015-10-13 | oops, a chown appears late on the code. to satisfy this pledge | Theo de Raadt | |
"stdio rpath wpath cpath getpw fattr proc" early on; "proc fattr" allows doing work with other uids on the file. after opening the db, do the chown (replace with fchown since we know fd) and then pledge "stdio rpath"; "rpath" due to tmpfile rename() at the end. mistake spotted by mpi | |||
2015-10-12 | kvm_mkdb & dev_mkdb are quite similar. pledge "stdio rpath wpath cpath" | Theo de Raadt | |
except kvm_mkdb also does "getpw". | |||
2015-08-20 | stdlib.h is in scope; do not cast malloc/calloc/realloc* | Theo de Raadt | |
ok millert krw | |||
2015-01-18 | do not require <a.out.h> | Theo de Raadt | |
2015-01-16 | Replace <sys/param.h> with <limits.h> and other less dirty headers where | Theo de Raadt | |
possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol) | |||
2014-12-23 | the kvm database only needs to be readable by kmem group. make it so. | Ted Unangst | |
2014-07-20 | Make sure the correct errno is reported by warn* or err* and not | Philip Guenther | |
the errno of an intervening cleanup operation like close/unlink/etc. Diff from Doug Hogan (doug (at) acyclic.org) | |||
2014-05-20 | Use errc/warnc to simplify code. | Philip Guenther | |
Also, in 'ftp', always put the error message last, after the hostname/ipaddr. ok jsing@ krw@ millert@ | |||
2013-11-12 | remove the code that iterates over binary types, since everything is now | Theo de Raadt | |
ELF. | |||
2013-10-15 | tedu a.out support | Theo de Raadt | |
2013-08-22 | Correct format string mismatches turned up by -Wformat=2 | Philip Guenther | |
suggestions and ok millert@ | |||
2013-01-29 | Allow for a kernel linked at address zero; ok guenther@ millert@ | Miod Vallat | |
2012-04-06 | iterate over e_shnum using Elf32_Word instead of int | Theo de Raadt | |
2009-11-11 | patch a whole bunch of memory leaks, parfait only spotted one of them | Theo de Raadt | |
ok miod jsg | |||
2009-10-28 | rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and | Theo de Raadt | |
unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms | |||
2007-09-02 | use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsg | Theo de Raadt | |
2007-05-31 | convert to new .Dd format; | Jason McIntyre | |
2007-03-18 | do not use section names for locating a string tab; miod@ ok | Michael Shalayeff | |
2005-04-14 | fix off-by-ones in path truncation checks. from Han Boetes; ok deraadt@ | Damien Miller | |
2004-11-24 | Use sysctl to get the running kernel version instead of grotting | Todd C. Miller | |
through kmem. Fixes false positives on machines where the memory is not cleared between boots. OK deraadt@, tedu@, jaredy@ | |||
2003-11-21 | add -o option to generate kvm database in alternate directory; | Damien Miller | |
manpage nits jmc@ ok tedu@ | |||
2003-09-25 | realloc fixes; markus ok | Theo de Raadt | |
2003-06-26 | ansi and protos | Theo de Raadt | |
2003-06-12 | - section reorder | Jason McIntyre | |
- macro fixes - kill whitespace at EOL - new sentence, new line | |||
2003-06-02 | Remove the advertising clause in the UCB license which Berkeley | Todd C. Miller | |
rescinded 22 July 1999. Proofed by myself and Theo. | |||
2003-04-06 | use snamesize and realloc properly. ok tdeval@ | Ted Unangst | |
2003-04-04 | strlcpy; tedu ok | Theo de Raadt | |
2002-11-30 | be better about the STT_NOTYPE symbols, not all become N_UNDEF this way; ↵ | Michael Shalayeff | |
pefo@ ok | |||
2002-10-25 | prepend the underscore always for elf, this makes kvm_bsd.db work on elf ↵ | Michael Shalayeff | |
platforms; drahn@ millert@ ok | |||
2002-09-06 | fopen() does not return < 0 | Theo de Raadt | |
2002-05-30 | minor KNF | Theo de Raadt | |
2002-03-25 | bring in prototypes | Theo de Raadt | |
2002-03-14 | kill more registers. | Mike Pechkin | |
millert@ ok | |||
2002-02-20 | Fix ELF so it works with /dev/ksyms. Also make 'detection' of ksyms | Per Fogelstrom | |
a little more robust by looking at the actual namelist filename. | |||
2002-02-16 | Part one of userland __P removal. Done with a simple regexp with some minor ↵ | Todd C. Miller | |
hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically. | |||
2001-05-11 | MAP_COPY -> MAP_SHARED (it's ok in this case (/dev/ksyms)) | Artur Grabowski | |
2001-02-03 | ELF: fallback to malloc when mmap fails. for /dev/ksyms. | Artur Grabowski | |