artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0a2dc01) | patch
Always allow the setsockopt & getsockopt system calls... however, in the
authorderaadt <deraadt@openbsd.org>
Tue, 20 Oct 2015 01:44:00 +0000 (01:44 +0000)
committerderaadt <deraadt@openbsd.org>
Tue, 20 Oct 2015 01:44:00 +0000 (01:44 +0000)
commit7ba9c3eba0ab719782f31ed4f9953cc9e5e68b24
treec31136a61b7629767a1e179c1e7d9cde882b4e4ftree | snapshot
parent0a2dc018e1c189484ef2429bbfb10b1c50bdf668commit | diff
Always allow the setsockopt & getsockopt system calls... however, in the
default case only allows SOL_SOCKET SO_RCVBUF which is very common in
network-facing daemons.  Many of them manage this on a socket after
dropping abilities which can get them _new_ sockets.. syslogd, bgpd,
relayd, etc etc.  Other sockopts still require specific pledges.
Tested by bluhm.
sys/kern/kern_pledge.c diff | blob | history
sys/kern/uipc_syscalls.c diff | blob | history
sys/sys/pledge.h diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim