diff options
author | deraadt <deraadt@openbsd.org> | 2017-12-12 01:12:34 +0000 |
---|---|---|
committer | deraadt <deraadt@openbsd.org> | 2017-12-12 01:12:34 +0000 |
commit | 4ea7ed56bd1c71560696216439fcb657286d6443 (patch) | |
tree | 93394e9dd8437592a1edb3f27aa5cee002116242 /include | |
parent | Fix the behavior of preferring weaker-but-still-good 5Ghz APs over (diff) | |
download | wireguard-openbsd-4ea7ed56bd1c71560696216439fcb657286d6443.tar.xz wireguard-openbsd-4ea7ed56bd1c71560696216439fcb657286d6443.zip |
pledge()'s 2nd argument becomes char *execpromises, which becomes the
pledge for a new execve image immediately upon start. Also introduces
"error" which makes violations return -1 ENOSYS instead of killing the
program ("error" may not be handed to a setuid/setgid program, which
may be missing/ignoring syscall return values and would continue with
inconsistant state)
Discussion with many
florian has used this to improve the strictness of a daemon
Diffstat (limited to 'include')
-rw-r--r-- | include/unistd.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/unistd.h b/include/unistd.h index ffec1538f44..dab92899383 100644 --- a/include/unistd.h +++ b/include/unistd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: unistd.h,v 1.104 2017/03/09 10:13:03 fcambus Exp $ */ +/* $OpenBSD: unistd.h,v 1.105 2017/12/12 01:12:34 deraadt Exp $ */ /* $NetBSD: unistd.h,v 1.26.4.1 1996/05/28 02:31:51 mrg Exp $ */ /*- @@ -522,7 +522,7 @@ int strtofflags(char **, u_int32_t *, u_int32_t *); int swapctl(int cmd, const void *arg, int misc); int syscall(int, ...); int getentropy(void *, size_t); -int pledge(const char *, const char **); +int pledge(const char *, const char *); pid_t __tfork_thread(const struct __tfork *, size_t, void (*)(void *), void *); #endif /* __BSD_VISIBLE */ |