Disallow the _pbuild user from making TCP/UDP connections in the default - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	sthen <sthen@openbsd.org>	2017-12-03 20:40:04 +0000
committer	sthen <sthen@openbsd.org>	2017-12-03 20:40:04 +0000
commit	e407216449fd52f8346143146cb0de3322de93f0 (patch)
tree	0f085c9c7da0169bcc603f0e3f458d2cdb851239 /sys/netinet/tcp_input.c
parent	Enable bgw(4). (diff)
download	wireguard-openbsd-e407216449fd52f8346143146cb0de3322de93f0.tar.xz wireguard-openbsd-e407216449fd52f8346143146cb0de3322de93f0.zip

Disallow the _pbuild user from making TCP/UDP connections in the default

PF ruleset. This is not a complete block on _pbuild being able to communicate (e.g. non-TCP/UDP protocols don't have a PCB with userid, so PF can't restrict in those cases) but avoids some cases, and in particular makes it more obvious when a port does things like download extra distfiles or dependencies as part of the build process. Slight tweak from a diff by espie@.

Diffstat (limited to 'sys/netinet/tcp_input.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: