diff options
| author |   reyk <reyk@openbsd.org> | 2015-10-22 15:55:18 +0000 |
|---|---|---|
| committer | reyk <reyk@openbsd.org> | 2015-10-22 15:55:18 +0000 |
| commit | ebfc369325d2c22f833acf029b45694846aba023 (patch) | |
| tree | b1ce3b6fb1b0e0402b50495252c0b929d1992a81 /lib | |
| parent | Add a regress test for if_indextoname() and if_nametoindex() (diff) | |
| download | wireguard-openbsd-ebfc369325d2c22f833acf029b45694846aba023.tar.xz wireguard-openbsd-ebfc369325d2c22f833acf029b45694846aba023.zip | |
iked hereby pledges that it will run with restricted system
operations. This adds pledge(2) too all processes, including the iked
parent process; the existing privsep design has been improved for
better pledgeability. There haven't been any serious problems as it
was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd
passing). The control socket moved to an independent process to
remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree.
"It's the truth" deraadt@
"Let's see what happens" benno@
Diffstat (limited to 'lib')
0 files changed, 0 insertions, 0 deletions