Commit message | Author | Age | Files | Lines
...
* Delete an assignment that is unconditionally overwritten two lines later;
  found by Svyatoslav Mishyn <juef at openmailbox dot org> with the clang static analyzer.
  Author: schwarze | Age: 2015-10-12 | Files: 1 | Lines: -2/+1
* Garbage collect an unused variable, no functional change;
  found by Svyatoslav Mishyn <juef at openmailbox dot org> with cppcheck.
  Author: schwarze | Age: 2015-10-12 | Files: 1 | Lines: -4/+3
* Check the right pointer against NULL;
  fixing a pasto introduced in the previous commit; found by Svyatoslav Mishyn <juef at openmailbox dot org> with cppcheck.
  Author: schwarze | Age: 2015-10-12 | Files: 1 | Lines: -2/+2
* Check that the disk specified on the command line is the disk that
  files are copied to. Error out with 'cross-device install' if not. ok millert@, ok deraadt@ & jsing@ for previous version
  Author: krw | Age: 2015-10-12 | Files: 3 | Lines: -7/+35
* add Date header when a session initiated locally doesn't add one
  ok millert@, ok eric@
  Author: gilles | Age: 2015-10-12 | Files: 1 | Lines: -1/+12
* these callers of ttyname() no longer need to pledge "tty"
  Author: deraadt | Age: 2015-10-12 | Files: 2 | Lines: -4/+4
* ttyname() no longer does ioctl TIOCGETA, so pledge("tty") is no longer
  needed here. ok deraadt@
  Author: naddy | Age: 2015-10-12 | Files: 2 | Lines: -4/+4
* When isatty() was switched to F_ISATTY, the inline copy in ttyname()
  was forgotten. Just call isatty(). ok deraadt@
  Author: naddy | Age: 2015-10-12 | Files: 1 | Lines: -4/+2
* Maintain a list of files marked for deletion while refreshing a dired
  buffer. Previously, when refreshing the buffer the files marked for deletion would be lost. Since the relationship between the files that have been marked for deletion and those that exist on disk is volatile, I have chosen to implement the discovery of marked files during the refresh function as opposed to maintaining a dired buffer specific list.
  Author: lum | Age: 2015-10-12 | Files: 2 | Lines: -11/+182
* deprecate & remove -W option; ok florian
  Author: deraadt | Age: 2015-10-12 | Files: 2 | Lines: -39/+9
* Reverse the sm_error call in sm_trap.
  pointed out by semarie@... I need some sleep :/
  Author: ajacoutot | Age: 2015-10-12 | Files: 1 | Lines: -2/+2
* Only remove existing sum files on trap handlers.
  req. by semarie@
  Author: ajacoutot | Age: 2015-10-12 | Files: 1 | Lines: -3/+7
* Make it clear that umask ignores everything but the rwx bits.
  OK deraadt@
  Author: millert | Age: 2015-10-12 | Files: 1 | Lines: -8/+15
* Make wcrtomb() more readable by weeding out range errors up front,
  doing ASCII handling once rather than twice, and using <= rather than ((&~)==) obfuscation (which already caused a bug in the past). No functional change. Joint work with and OK stsp@ semarie@ bentley@
  Author: schwarze | Age: 2015-10-12 | Files: 1 | Lines: -14/+11
* Parentheses are useless after "return", it's not a function.
  There is no need to mop this up everywhere, but at least style(9) should show modern rather than historic style. OK millert@ tedu@
  Author: schwarze | Age: 2015-10-12 | Files: 1 | Lines: -3/+3
* Call pledge(2) after initial getsockname(2) to avoid "inet" addition.
  From & OK deraadt@
  Author: uebayasi | Age: 2015-10-12 | Files: 1 | Lines: -4/+5
* ftp(1) was static for years, as a recovery seatbelt. These days
  reliability has improved, and other repair methods are easier from bsd.rd or whatnot. As a static binary ftp has limited ASLR, yet it has 7 libraries... Making it non-static means the ASLR picture improves. Let's see who moans first. ok miod daniel
  Author: deraadt | Age: 2015-10-12 | Files: 1 | Lines: -2/+1
* kvm_mkdb & dev_mkdb are quite similar. pledge "stdio rpath wpath cpath"
  except kvm_mkdb also does "getpw".
  Author: deraadt | Age: 2015-10-12 | Files: 2 | Lines: -2/+8
* pledge wasn't called pledge in 5.8, and it was disabled;
  issue noticed by tim@, solution suggested by deraadt@
  Author: schwarze | Age: 2015-10-12 | Files: 1 | Lines: -3/+3
* pledge "stdio rpath wpath cpath"; all the path options are used
  until the bitter end.
  Author: deraadt | Age: 2015-10-12 | Files: 1 | Lines: -1/+4
* Use "-" rather than "\(hy" for the heads of .Bl -dash and -hyphen lists.
  In UTF-8 output, that renders as ASCII HYPHEN-MINUS (U+002D) rather than HYPHEN (U+2010), which looks better and matches groff. In ASCII output, it makes no difference. Suggested by naddy@.
  Author: schwarze | Age: 2015-10-12 | Files: 3 | Lines: -3/+72
* Annotate a pretty obvious signal race... no time to fix it now.
  Author: deraadt | Age: 2015-10-12 | Files: 1 | Lines: -1/+2
* Pledge "stdio wpath tty"; "awesome" deraadt@
  Author: tim | Age: 2015-10-12 | Files: 1 | Lines: -1/+4
* in fuser mode with -k or -s mode, kill(2) might be called and
  route lookups won't be needed; so expand the pledge setup to handle 3 codepaths. from theo buehler
  Author: deraadt | Age: 2015-10-12 | Files: 1 | Lines: -3/+13
* reenable pledge(2) on pax, but only if pmode isn't in use or if action
  shouldn't do things with filesystem. ok deraadt@ millert@
  Author: semarie | Age: 2015-10-12 | Files: 1 | Lines: -6/+6
* These no longer need to be static. The ramdisk's no longer reach-around
  and use the one in the base install, but have their own copy. ok millert sthen miod daniel
  Author: deraadt | Age: 2015-10-12 | Files: 2 | Lines: -8/+2
* the pattr argument to IFQ_ENQUEUE is unused, so let's get rid of it.
  also the comment above IFQ_ENQUEUE that says the pattr argument is unused. ok mpi@
  Author: dlg | Age: 2015-10-12 | Files: 4 | Lines: -10/+9
* Fix a copy-pasto: Check the correct bit for STBC beacon in HT OP element.
  ok sthen@
  Author: stsp | Age: 2015-10-12 | Files: 1 | Lines: -2/+2
* indent the builtin text a little, for naddy;
  Author: jmc | Age: 2015-10-12 | Files: 1 | Lines: -3/+3
* two leftovers string missed in tame->pledge conversion
  ok jsg@
  Author: semarie | Age: 2015-10-12 | Files: 2 | Lines: -4/+4
* Unify link state change notification.
  ok mikeb@
  Author: mpi | Age: 2015-10-12 | Files: 1 | Lines: -41/+21
* don't need to do suser checks in ioctl paths cos if.c does them for us.
  ok mikeb@ mpi@
  Author: dlg | Age: 2015-10-12 | Files: 1 | Lines: -12/+1
* protect SIOCSLIFPHYTTL, SIOCSVNETID so only root can call them, and
  return EPNOTSUPP for SIOCGLIFPHYTTL and SIOCGVNETID. all so drivers don't have to do these checks themselves. ok mikeb@ mpi@
  Author: dlg | Age: 2015-10-12 | Files: 1 | Lines: -1/+5
* fix case of PACkAGE_REPOSITORY; remco at dpub nl
  ^
  Author: sthen | Age: 2015-10-12 | Files: 1 | Lines: -3/+3
* Introduce bridge_ifinput() to handle some repeated logic before
  if_input() and to have a counterpart for bridge_ifenqueue() that helps to understand the traffic/code flow in bridge better. The bridge currently only puts a single packet on the input mbuf list, and changing will need to undo part of this commit, but it still makes sense to have a well-defined call for the ports receive path. No functional change. OK mpi@
  Author: reyk | Age: 2015-10-12 | Files: 1 | Lines: -18/+19
* Always initialise the index into iwm's tx queue array, fixing a
  potential crash. This must have somehow been working by magic. Further cleanup of QoS support in this driver is very much needed. ok mpi@
  Author: stsp | Age: 2015-10-12 | Files: 1 | Lines: -3/+2
* Revert the pledge() call on pax/ar_io.c for now.
  A pledged program is not allowed to change user/group for others. "I think that makes the most sense" @sthen
  Author: semarie | Age: 2015-10-12 | Files: 1 | Lines: -1/+3
* do not umask() [with the wrong umask] around mkstemp() calls, no matter
  how broken other systems are. ok guenther gilles
  Author: deraadt | Age: 2015-10-12 | Files: 4 | Lines: -16/+4
* Correctly mark-up some recent additions. ok jmc@
  Author: lum | Age: 2015-10-12 | Files: 1 | Lines: -4/+8
* pledge "stdio" after opening files, code is very similar to mkuboot
  Author: deraadt | Age: 2015-10-12 | Files: 1 | Lines: -1/+4
* Move execution of the constraints from the ntp to the parent process.
  This helps the ntp process to a) give a better pledge(2) and to b) keep the promise of "saving the world again... on time" by removing the delays that have been introduced by expensive constraint forks. The new design offers better privsep but introduces a few more imsgs and runs a little bit more code in the privileged parent. The privileged code is minimal, carefully checked, and does not attempt to "parse" any contents; the forked constraints instantly drop all privileges and pledge to "stdio inet". OK beck@ deraadt@
  Author: reyk | Age: 2015-10-12 | Files: 5 | Lines: -187/+427
* Gahamas -> Bahamas;
  from pgoyette (netbsd -r1.26)
  Author: jmc | Age: 2015-10-12 | Files: 1 | Lines: -2/+2
* pledge "stdio" after opening up the input & output files.
  ok jsg
  Author: deraadt | Age: 2015-10-12 | Files: 1 | Lines: -1/+4
* unifdef EVP_CHECK_DES_KEY: Ben Kaduk noticed it has a syntax error; that
  error was present in the original 2004 commit, so it hasn't been used in over 11 years, thus exceeding our deprecation requirements by over a decade. OpenSSL has chosen to *fix it*; we'll gladly watch it burn ok jsing@
  Author: guenther | Age: 2015-10-12 | Files: 4 | Lines: -40/+4
* same thing as biff, pledge "stdio rpath fattr tty"
  Author: deraadt | Age: 2015-10-12 | Files: 1 | Lines: -1/+4
* biff pledges to only do "stdio rpath fattr tty". (very small program..
  the actual order of use is tty, rpath, stdio or fattr)
  Author: deraadt | Age: 2015-10-12 | Files: 1 | Lines: -1/+3
* fstat() of opened fd, rather than stat(), to avoid TOCTOU
  ok jsg
  Author: deraadt | Age: 2015-10-12 | Files: 1 | Lines: -5/+3
* preservation modes can adjust setugid bits, so no pledge is possible.
  Otherwise, lay the groundwork for whether a gzip program may be run or not. After such a gzip program is started, pledge the program will not exec again. Took a few iterations to get this going... it is looking good. with guenther.
  Author: deraadt | Age: 2015-10-12 | Files: 2 | Lines: -2/+23
* does not need ioctl.h
  Author: deraadt | Age: 2015-10-12 | Files: 1 | Lines: -2/+1
* with the RPATH enforcement, acpidump(1) don't work anymore...
  it needs rpath for reading /dev/mem (at least): kvm_openfiles(NULL, NULL, NULL, O_RDONLY, NULL) ok doug@ fix the regression deraadt@
  Author: semarie | Age: 2015-10-12 | Files: 1 | Lines: -2/+2