artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5e685f1) | patch
At guenther's suggestion replace dnssocket() with a SOCK_DNS flag on
authorderaadt <deraadt@openbsd.org>
Tue, 20 Oct 2015 18:04:03 +0000 (18:04 +0000)
committerderaadt <deraadt@openbsd.org>
Tue, 20 Oct 2015 18:04:03 +0000 (18:04 +0000)
commit603fdb405f123334738434f7ba091788a76df90b
treed283182d1a75e76e44637c567c07fe1a1958536ctree | snapshot
parent5e685f16b0ec758cd412a5da32199d2ae7572619commit | diff
At guenther's suggestion replace dnssocket() with a SOCK_DNS flag on
socket().  Without pledge, all other socket behaviours become permitted,
except this one case: connect/send* only works to *:53.  In pledge mode,
a very few are further restricted.  Some backwards compatibility for
the dnssocket/dnsconnect calls will remain in the tree temporarily so
that people can build through the transition.
ok tedu guenther semarie
sys/kern/kern_pledge.c diff | blob | history
sys/kern/uipc_syscalls.c diff | blob | history
sys/netinet/in_pcb.c diff | blob | history
sys/netinet6/in6_pcb.c diff | blob | history
sys/sys/pledge.h diff | blob | history
sys/sys/socket.h diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim