summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Add TIOCCBRK and TIOCSDTR to the whitelist for pledge ioctl.doug2015-10-161-1/+3
| | | | | | cu(1) uses these. ok deraadt@
* Pledge support for the parent/resolver in identd(8).doug2015-10-161-1/+14
| | | | | | | | | | This limits the resolver to just "stdio getpw" or "stdio getpw rpath" depending on whether ~/.noident files are checked. The child/listener cannot use pledge yet because it calls a sysctl that hasn't been whitelisted. "commit" deraadt@
* Pledge for ftp(1) in non-interactive mode.doug2015-10-161-1/+23
| | | | | | | | We will iterate and remove some of the pledges in the future. This is conservative for now. Tested by sthen@ and myself. ok deraadt@
* Remove -B from EXAMPLES; reminded by jmc@miod2015-10-161-23/+2
|
* Add allocarray(), an overflow-safe allocation function.mmcc2015-10-161-1/+26
| | | | | | | | | | We avoided reallocation support because it demands more fancy footwork to deal with the prepended link struct. This has been on my mind for a while, and a 2010 security review of mksh by the Android security team's Chris Palmer suggested it. ok nicm@. Also discussed with millert@ and tedu@.
* syncderaadt2015-10-162-0/+2
|
* fine tune the logging some moretedu2015-10-161-1/+8
|
* simplify logging functions. once a daemon, always a daemontedu2015-10-161-23/+19
|
* safety check that we're dealing with the filter we expecttedu2015-10-161-2/+5
|
* most things should be statictedu2015-10-161-15/+15
|
* exit(1) is better for the impossible conditiontedu2015-10-161-2/+3
|
* fix some signed/unsigned integer type mismatches in formatdjm2015-10-154-9/+9
| | | | strings; reported by Nicholas Lemonias
* Do not abuse .Nm for emphasis;schwarze2015-10-151-12/+5
| | | | | patch from Michael Reed <m dot reed at mykolab dot com>. Also drop .Tn while here.
* Delete two preprocessor constants that are no longer used.schwarze2015-10-152-7/+2
| | | | Patch from Michael Reed <m dot reed at mykolab dot com>.
* argument to sshkey_from_private() and sshkey_demote() can't be NULLdjm2015-10-151-7/+3
|
* After spawning, the parent can pledge "stdio rpath wpath cpath"deraadt2015-10-151-1/+4
| | | | from rob pierce
* Remove three distracting aliases for NULL.mmcc2015-10-152-15/+11
| | | | ok nicm@
* Simplify the part of args() that is handling .Bl -column phrases:schwarze2015-10-151-73/+28
| | | | | | | | | | Delete manual "Ta" handling because macro handling should not be done in an argument parser but should be left to the macro parsers, which exist anyway and work well. No functional change, minus 40 lines of code. Confusing and redundant code found while investigating an old bug report from tim@.
* When blk_full() handles an .It line in .Bl -column and indirectlyschwarze2015-10-151-1/+6
| | | | | | | | calls phrase_ta() to handle a .Ta child macro, advance the body pointer accordingly, such that a subsequent tab character rewinds the right body block and doesn't fail an assertion. That happened when there was nothing between the .Ta and the tab character. Bug reported by tim@ some time ago.
* it is perhaps better style to not call close() on -1, even if harmlesstedu2015-10-151-6/+12
|
* make sure req is zeroed in tcp casetedu2015-10-151-2/+2
|
* better memory handling of the request/cache chaintedu2015-10-151-9/+23
|
* do not insert entry into cache until it's fully formedtedu2015-10-151-2/+2
|
* doh, not all requests are the same size. check len first.tedu2015-10-151-2/+3
|
* assert is the wrong tooltedu2015-10-151-3/+4
|
* the inet sockets don't work well with inet6 addrs. pick family from addr.tedu2015-10-151-3/+3
| | | | detected by naddy
* everybody can build reboundtedu2015-10-151-2/+3
|
* no mail for _rebound. deraadttedu2015-10-151-1/+2
|
* introduce logerr, since most logging is followed by exittedu2015-10-151-33/+36
|
* don't allow NSD to pick up libevent from /usr/local if the libevent2sthen2015-10-151-1/+2
| | | | package is installed.
* now with _rebound user, we can try a little harder at privdroptedu2015-10-151-3/+11
|
* _rebound user and group (52)tedu2015-10-152-0/+2
|
* make the HUP interlocking in the parent work better.tedu2015-10-151-10/+24
|
* trivial KNFderaadt2015-10-151-3/+5
|
* In syslogd replace the dprintf() macro with a logdebug() functionbluhm2015-10-153-85/+97
| | | | | as dprintf(3) is in libc now and does something different. OK guenther@
* Pledge login_token with "stdio rpath wpath cpath fattr getpw tty".bluhm2015-10-151-1/+4
| | | | OK deraadt@
* just a space in usage, from deraadttedu2015-10-151-2/+2
|
* Remove an unused included header (sys/stat.h).mmcc2015-10-151-2/+1
|
* add a hint about the config file, until it changestedu2015-10-151-1/+5
|
* child can be pledged down a bit to just sockets and iotedu2015-10-151-1/+6
|
* When using a pf rule with both nat-to and rdr-to, it could happenbluhm2015-10-151-3/+6
| | | | | | | that the nated source port was reused as destination port. Do not initialize nport at the beginning of the function, but where it is needed. OK sashan@
* import rebound, a lightweight dns proxy, for further polishingtedu2015-10-154-0/+648
|
* Introduce an unsigned char variable for the ctype function calls.mmcc2015-10-151-5/+7
| | | | ok millert@
* Don't Xr flock, since that is not the locking method used.deraadt2015-10-151-3/+2
| | | | ok millert
* Remove disklabel -B (NUMBOOT) support. All the platforms which used to needmiod2015-10-154-320/+8
| | | | | | it are now using MI installboot for that purpose. ok krw@ deraadt@
* Avoid a race between fopen(3) and fchmod(2). Use umask(2) andbluhm2015-10-151-3/+4
| | | | | | | | unlink(2) and fopen(3) to prevent an attacker to open an old file with wrong permissions before the secret is written into it. This also guarantees that a new file with correct permissions is created. Without fchmod(2) "fattr" can be removed from pledge. with and OK deraadt@
* No need to create links for xxboot now that MI installboot is the preferredmiod2015-10-151-4/+1
| | | | way to install boot blocks.
* Use MI installboot instead of disklabel -B to install boot blocks.miod2015-10-156-36/+19
| | | | ok krw@ deraadt@
* Add an extra argument to bootstrap() to allow for a limited overlap between anmiod2015-10-156-14/+31
| | | | | | | | | | | | | | | | existing partition and the boot blocks span, and update all callers to require an overlap limit of zero sectors (thus not changing their behaviour). Then, add proper support for vax: copy the 2nd-stage boot block to /boot and install the 1st-stage boot block at the beginning of the disk, retaining the disklabel; allow for an overlap of up to 16 sectors, which is perfectly fine as long as your `a' partition is FFS. Note that regular installs will not even have such an overlap, because the default OpenBSD span on a disk on vax starts at sector 16, but installation media use sperific layout which require this. ok krw@
* add missing comma and missing range restriction, found by smilintsthen2015-10-151-4/+7
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.