| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Behave like chown(8) to prevent clobbering user names which are numbers.
Prompted by and "this is how it should be" tedu, OK millert
|
| |
|
|
|
|
|
|
|
|
| |
Replace `long long id' with appropiate types and names, use smaller limits
where applicable and move variable declarations up out of loops.
This makes the code clearer and a tad simpler while staying consistent
across databases.
Feedback and OK millert
|
| |
|
|
|
|
|
| |
hostsprint() reserves only 16 columns for IPs and prints one whitespace too
many afterwards. Crank it up to 39 as per hostsaddrinfo() to align nicely.
OK millert
|
| |
|
|
|
|
|
|
|
|
| |
This simplifies the code, makes it less address family specific and plays
nicely with previously used getaddrinfo(2).
While here, make function parameter `const', sort stack variables by size
and nitpick PF_UNSPEC.
OK millert
|
| |
|
|
| |
OK tb
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
specific file (in read mode) we can add a 4th attribute to the struct getentdb
to define each of those files, except for group/hosts/passwd dbs which will be
assigned NULL to that attribute because all the necessary files they need to
open are already whitelisted through pledge(2) via either dns or getpw
promises.
With that set we can then check if the 4th attribute (called unveil) is not
NULL and in that case unveil(2) that specific file per each database.
After a discussion with millert@ regarding YP then deraadt@ chimed in referring
that when he wrote this code even though we can have YP mappings with several
of these dbs "it doesn't mean that things use it, or should, or will" so adding
unveil(2) here should not impact any YP environments.
OK millert@ deraadt@
|
| |
|
|
|
|
|
|
|
| |
short lived, we either go directly exiting the program or just a few lines
below we call pledge(2) again, where it actually should be, and with really
reduced promises. Next commit will restrict further access to the filesystem
through unveil(2).
OK deraadt@ kn@
|
| | |
|
| |
|
|
|
| |
was:
#define SHELLSPRINT printf("%s\n", sh)
|
| |
|
|
|
|
|
|
|
| |
These should have been "stdio getpw" before, but they worked for non-YP
environments. With YP, it won't work without "getpw".
Reported by semarie@ and confirmed as a problem by miod@.
ok deraadt@
|
| |
|
|
| |
discussed with doug and semarie
|
| |
|
|
|
|
|
| |
This pledges the superset of all requests for the various getent databases
and then drops to the minimum for the chosen database.
ok deraadt@
|
| |
|
|
|
|
|
|
|
| |
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)
|
| |
|
|
| |
OK florian@ henning@
|
| |
|
|
|
|
|
|
|
|
| |
The asr library no longer supports gethostent(3), and there is no
reasonable way to implement it. Consequently, as suggested
by guenther@, error out when hosts enumeration is requested.
OK deraadt@ guenther@ florian@
Also remove the now useless calls to sethostent(3) and endhostend(3)
as suggested by florian@.
|
| |
|
|
|
|
| |
Pointed out by todd@.
"The approach seems fine." deraadt@
OK todd@
|
| |
|
|
|
|
|
|
|
| |
Not sure what's more surprising: how long it took for NetBSD to
catch up to the rest of the BSDs (including UCB), or the amount of
code that NetBSD has claimed for itself without attributing to the
actual authors.
OK deraadt@
|
| | |
|
| | |
|
| | |
|
| |
|
kn
mestre
jca
doug
deraadt
schwarze
florian
ray
otto
millert